similar to: Problem setting password: : failed to pull old supplementalCredentialsBlob: NT_STATUS_BUFFER_TOO_SMALL

On Thu, 2015-11-19 at 12:54 +0100, Javier Amor Garcia wrote: > Hello, > > I am stuck with a error when setting password for a couple of > specific > users. This error makes impossible to set the password for the > affected > users. > > In Windows I get an operation error but the samba-tool output is more > informative: > > > samba-tool user setpassword

Hello. Samba 4.1.0pre1-GIT-aad669b, joined as a DC to an existing domain. At least 6 accounts behave like this: Kerberos: AS-REQ techgroup at KLIN.KIFATO-MK.COM from ipv4:192.168.1.31:33822 for krbtgt/KLIN.KIFATO-MK.COM at KLIN.KIFATO-MK.COM ldb: ldb_trace_request: SEARCH dn: <rootDSE> scope: sub expr: (&(objectClass=user)(userPrincipalName=techgroup at KLIN.KIFATO-MK.COM)) control:

Make a note: it is better to disable 'check password script' in the DC(s) before trying to join a new DC. ;( root at vdcpp1:~# samba-tool domain join ad.my.dom DC -U"MYDOM\administrator" --dns-backend=BIND9_DLZ Finding a writeable DC for domain 'ad.my.dom' Found DC vdcsv1.ad.my.dom Password for [MYDOM\administrator]: workgroup is MYDOM realm is ad.my.dom Adding

Hi, After making progress with my scripts for software installation (thanks, Rowland!) I am on a bit of a mission to get things working again. I found that permissions on my sysvol share were somehow incorrect (group ownership was root, etc.) so I ran 'samba-tool ntacl sysvolreset'.. however this now fails with the following error. (I'm on Samba 4.5.0) user at dc2:~ $ sudo

OK, I've traced this a little further on now. I think I have followed the trail via the following items that call or refer to each other in turn: - python samba-tool ntacl sysvolreset - source3/smbd/pysmbd.c: SMB_VFS_FSET_NT_ACL( fsp, security_info_sent, sd); - source3/include/vfs_macros.h:#define SMB_VFS_FSET_NT_ACL smb_vfs_call_fset_nt_acl - source3/smbd/vfs.c:NTSTATUS

Hi, I've detected a very strange behavior on samba 4.8.9 and 4.10.6. After setting a new password for a user with samba-tool the old password remains valid. The user can use both passwords. After setting the third password become the first password invalid: :~ # samba-tool user setpassword extisadm --newpassword=12AbCdEf Changed password OK :~ # samba-tool user setpassword extisadm

I've a script 'infrastructure' that manage password propagation between some domains/password sources. When, in my AD domains, i ''consume'' a passord caming from another domain, i run: samba-tool user setpassword ${USER} --option="check password script"="" --newpassword="$mypassword" and the script exit with status 0 and print

On Tue, 27 Mar 2018 13:38:56 -0400 Mark Foley wrote: > > On Mon, 26 Mar 2018 08:08:53 +0200 Michael Wandel <m.wandel at t-online.de> wrote: > > > > Am 26.03.2018 um 06:31 schrieb Mark Foley via samba: > > > As a normal user, I want to change my Domain Password. I've tried: > > > > > > $ samba-tool user setpassword myuserId

Hello, We're having a problem with "Samba 4" joined to a "Server 2008 R2" domain (at "Server 2008" functional level across the forest). The interesting thing is that this only affects a single user - all other accounts work without problems. When accessing our main server using that account, "smbd" always reports "can't parse the PAC:

Dear all, we are transitioning from an openldap / MIT KDC setup to a samba4 AD. I am doing this by setting up a samba NT4 domain, populating it from LDAP and sticking in the password hashes which I automatically extract from the MIT KDC arc4-hmac keys. Then I run the classicupgrade. I do this whole thing from cron in a script once a day to be able to slowly migrate services. The MIT / openldap

I have a new problem. I'm currently running Samba4 4.4.16 as an AD/DC. I've been running this AD/DC for several years now. I am using redirected folders. Up to now, domain users logging onto any domain member Windows workstation would get their desktop. Recently I discovered that users now only get their desktop on their "usual" workstation, and the Desktop Target is in fact

Did you run the command to disable the password check or complexabilty on all you DC's? That is needed. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Marco Gaiarin via samba > Verzonden: dinsdag 24 oktober 2017 15:33 > Aan: samba at lists.samba.org > Onderwerp: [Samba] 'check password script'

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 All, I'm trying to get samba4 to provision with the latest git version. My provision command looks like so: # ./setup/provision --realm=TEST.DOMAIN --domain=DOMAIN --adminpass=pass - --server-role='domain controller' --ldap-backend-type=openldap - --slapd-path=/usr/sbin/slapd I get the following output from the command: hdb_db_open:

i'm running (well trying to run) samba3a20-4 from debian with sam backend = ldapsam_nua:ldap://localhost/ when i try to log in I get a message saying that the roaming profile has the wrong permissions. There is no profile in place for this user... it should be created from the netlogon share (which was copied to netlogon via the system control panel with "everybody" given permission

On Sun, 27 Oct 2024 15:08:14 +0100 William Edwards <wedwards at cyberfusion.nl> wrote: > > > Op 27 okt 2024 om 14:50 heeft Rowland Penny via samba > > <samba at lists.samba.org> het volgende geschreven: > > > > ?On Sun, 27 Oct 2024 13:58:56 +0100 > > William David Edwards via samba <samba at lists.samba.org> wrote: > > > >> Hi,

Mandi! Kacper Wirski via samba In chel di` si favelave... > I understand the OP, I was asking some time ago similar question, but it was > in relation to samba domain member. Thanks, Kacper. > I couldn't get backend: ad to work for > machine accounts, so i switched to idmap: rid and it solved everything. I > tried manually adding UID and GID to Domain Computer group and to

The password encryption works because I can modify the password connected to a DC samba4, but the problem is when I try the same with the Windows DC. I'm using a LDAP java library. My question is: what is the samba-tool authentication method that you can reset password connected to a Windows DC using "samba-tool user setpassword Admin --newpassword=PASSWORD -H ldap://10.0.0.3 -U

Kees van Vloten via samba schreef op 2024-10-27 15:37: > Op 27-10-2024 om 15:31 schreef Rowland Penny via samba: >> On Sun, 27 Oct 2024 15:08:14 +0100 >> William Edwards <wedwards at cyberfusion.nl> wrote: >> >>>> Op 27 okt 2024 om 14:50 heeft Rowland Penny via samba >>>> <samba at lists.samba.org> het volgende geschreven: >>>>

Hi, I'm tying to set user's LDAP passwords using LDAP. `samba-tool user setpassword` does so by setting the write-only `unicodePwd` attribute, but turning it into binary and Base64-encoding it first: ``` if not isinstance(password, str): pw = password.decode('utf-8') else: pw = password pw = ('"' + pw + '"').encode('utf-16-le')

On Mon, 22 Apr 2024 08:56:41 -0400 Mark Foley via samba <samba at lists.samba.org> wrote: > New related issue. > > I upgraded the Domain Controller from 4.8.2 to 4.18.9 about 90 days > ago, and set the 'Maximum password age' to 90 days. Today, two of the > users' passwords were expired when they tried to log in this morning. > They got the messaage that their