Windows users cannot change it's password

,

As seen in documentation windows domain user logged to a a nethserver 6.8 acting as a domain controller can change its password "using the Windows tools"
That is not true. Domain users only change pwd trough web manager.
It is the documentation wrong or it is my fault?

AFAIK this feature works correctly.

Anyone had the same problem? @alefattorini @nrauso

I don’t know… This could be a regression bug. I just can say, when I wrote the documentation it used to work correctly!

You said NethServer acts as PDC: did the windows client join the domain? Could you explain the procedure to reproduce the bug? What’s the error message?

Not that I am aware of, @Auto_Bitacora you’re the first

1 Like

Same for me: i’m not aware of this kind of problem
I’ll try to check it.

1 Like

https://forums.contribs.org/index.php/topic,52650.0.html
https://forums.contribs.org/index.php/topic,52610.0.html

2 Likes

Looks like a windows update issue, right? thanks @Stefano_Zamboni for having pointed it out

1 Like

Thank you very much for the links, @Stefano_Zamboni

It seems our friends from SME Server already addressed this issue. IIUC a recent security fix from Microsoft disables the NTLM password change.

From https://support.microsoft.com/en-us/kb/3167679:

The security updates that are provided in MS16-101 and newer updates disable the ability of the Negotiate process to fall back to NTLM when Kerberos authentication fails for password change operations with the STATUS_NO_LOGON_SERVERS (0xc000005e) error code.

@Auto_Bitacora can you confirm the links above solve your problem? If so, please mark this topic as solved!

2 Likes

I believe that “standard windows tools” means (in a W7 Pro machine joined to the NS6.8 domain) pressing Ctrl+Alt+Del altogether and choose "change password…
In my setup after a common interface with “type old password, twice new password stuff” W7 replies “access denied” popup and the normal user keeping the old password.

well, did you read all the answers? :slight_smile:

We should go further, indeed. Please, give us some time to collect more cases.

At the last extent of my weak understanding of the recommendatios from those links, the “solution” will be to do a rollback of the MS16-101 patch on every w7 PRO machine connected to nethserver.
If that is the only solution, i prefer to train users to use the web manager interface to change her/his password.
But maybe i didnt understand something important…

it’s not something coming from NS, it’s an issue created by M$…

it’s up to you to choose the better approach with your setup

So, web manager will be :slight_smile:
Thanks a lot, guys

1 Like