Hi there
We have a samba4 AD (installed on ubuntu servers) and also ubuntu client workstations. Those ubuntu workstations authenticate themselves to samba4/AD server through pam_sssd.
Users authentication against Samba4/AD works well, but i don't know how to allow users to change their own passwords through thios mecanism. I tried several methods like smbpasswd, samba-tool user setpassword, passwd or kpasswd but none of them works.
Do some of you know how to proceed to make it work with samba4/AD authentication? The goal is simply to allow a workstation user to change his password whithout using a web interface.
Here is the sssd setup of the workstations:
/etc/sssd/sssd.conf:
[sssd] config_file_version = 2 domains = mydomain.lan services = nss, pam default_domain_suffix = mydomain.lan
[domain/mydomain.lan]
id_provider = ad auth_provider = ad chpass_provider=ad access_provider = ad
ldap_id_mapping = True default_shell = /bin/bash
use_fully_qualified_names = False override_homedir = /users/home/%u fallback_homedir = /users/home/%u
krb5_use_enterprise_principal=false krb5_validate = False krb5_store_password_if_offline = False ad_domain = mydomain.lan krb5_realm = MYDOMAIN.LAN realmd_tags = manages-system joined-with-samba
Thanks
On Tue, May 14, 2019 at 10:04:56AM +0200, Julien TEHERY wrote:
Hi there
We have a samba4 AD (installed on ubuntu servers) and also ubuntu client workstations. Those ubuntu workstations authenticate themselves to samba4/AD server through pam_sssd.
Users authentication against Samba4/AD works well, but i don't know how to allow users to change their own passwords through thios mecanism. I tried several methods like smbpasswd, samba-tool user setpassword, passwd or kpasswd but none of them works.
The only method out of those you listed above that goes through sssd is plain 'passwd'. Did you have a chance to look into the logs? See https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html
Le 15/05/2019 à 10:50, Jakub Hrozek a écrit :
On Tue, May 14, 2019 at 10:04:56AM +0200, Julien TEHERY wrote:
Hi there
We have a samba4 AD (installed on ubuntu servers) and also ubuntu client workstations. Those ubuntu workstations authenticate themselves to samba4/AD server through pam_sssd.
Users authentication against Samba4/AD works well, but i don't know how to allow users to change their own passwords through thios mecanism. I tried several methods like smbpasswd, samba-tool user setpassword, passwd or kpasswd but none of them works.
The only method out of those you listed above that goes through sssd is plain 'passwd'. Did you have a chance to look into the logs? See https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
It appears that it finally does work with kpasswd. The fact it did'nt worked until then was because i tried to type in directly the new password instead of the old one that was asked by kpasswd
sssd-users@lists.fedorahosted.org