Once you have a Samba4 domain server running successfully, there will come a time when you need to change the Administrator password. Here are the steps:
Let us first verify the details of the current password. As soon as you create a Kerberos password for authenticating clients, an expiration date is created for the password.
The klist command displays the contents of a Kerberos credentials cache or key table.
-e : Displays the encryption type for the session key and the ticket.
# klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@EXAMPLE.COM
Valid starting Expires Service principal
03/25/13 05:46:08 03/25/13 15:46:08 krbtgt/EXAMPLE.COM@EXAMPLE.COM
renew until 03/26/13 05:46:04, Etype (skey, tkt): arcfour-hmac, arcfour-hmac
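As an added example (not part of the original article), the script below reads klist -e output and flags tickets whose session key or ticket uses an RC4 or single-DES encryption type, such as the arcfour-hmac shown above. The function names, the etype list and the second sample ticket are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): flag legacy Kerberos
# encryption types in `klist -e` output.

# Etype names treated as legacy here: the RC4 and single-DES families.
WEAK_ETYPES='arcfour-hmac|arcfour-hmac-md5|rc4-hmac|des-cbc-crc|des-cbc-md4|des-cbc-md5'

# Reads `klist -e` output on stdin and prints, per ticket:
#   <service principal> <session-key etype> <ticket etype> <OK|WEAK>
# Exit status is 1 if any ticket uses a legacy etype, 0 otherwise.
check_klist_etypes() {
    awk -v weak="^(${WEAK_ETYPES})$" '
        # Ticket line: two timestamps followed by the service principal.
        /^[0-9]/ && NF >= 5 && $NF ~ /@/ { svc = $NF; next }
        /Etype \(skey, tkt\):/ {
            line = $0
            sub(/.*Etype \(skey, tkt\): */, "", line)
            sub(/[ \t\r]+$/, "", line)
            split(line, e, /, */)
            verdict = "OK"
            for (i = 1; i <= 2; i++) {
                # Newer MIT krb5 prints deprecated names with this prefix.
                sub(/^DEPRECATED:/, "", e[i])
                if (e[i] ~ weak) { verdict = "WEAK"; bad = 1 }
            }
            print svc, e[1], e[2], verdict
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: the ticket shown above plus a made-up AES service ticket.
sample_klist() {
    cat <<'EOF'
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@EXAMPLE.COM
Valid starting Expires Service principal
03/25/13 05:46:08 03/25/13 15:46:08 krbtgt/EXAMPLE.COM@EXAMPLE.COM
renew until 03/26/13 05:46:04, Etype (skey, tkt): arcfour-hmac, arcfour-hmac
03/25/13 05:50:00 03/25/13 15:46:08 ldap/pdc.example.com@EXAMPLE.COM
renew until 03/26/13 05:46:04, Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
EOF
}

# On a live host: klist -e | check_klist_etypes
sample_klist | check_klist_etypes || echo "legacy etype in use"
```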
Now change the current administrator password:
# kpasswd
Password for administrator@EXAMPLE.COM:
Enter new password:
Enter it again:
Password changed.
How to Reset Administrator Password
If you have forgotten the administrator password, there is no need to panic: you can reset it by logging in physically on the domain server box:
# samba-tool user setpassword Administrator
New Password:
Enter it again:
Password changed.
Helpful tutorial. Thanks a lot.
Thanks a lot for the tutorial
Hi,
I am not able to join a system to the domain controller in a Samba4 setup. Also, replication fails.
$ samba-tool drs showrepl
ldb_wrap open of secrets.ldb
GENSEC backend ‘gssapi_spnego’ registered
GENSEC backend ‘gssapi_krb5’ registered
GENSEC backend ‘gssapi_krb5_sasl’ registered
GENSEC backend ‘spnego’ registered
GENSEC backend ‘schannel’ registered
GENSEC backend ‘naclrpc_as_system’ registered
GENSEC backend ‘sasl-EXTERNAL’ registered
GENSEC backend ‘ntlmssp’ registered
GENSEC backend ‘http_basic’ registered
GENSEC backend ‘http_ntlm’ registered
GENSEC backend ‘krb5’ registered
GENSEC backend ‘fake_gssapi_krb5’ registered
Using binding ncacn_ip_tcp:pdc.example.com[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name pdc.example.com
resolve_lmhosts: Attempting lmhosts lookup for name pdc.example.com
Wrong username or password: kinit for PDC$@EXAMPLE.COM failed (Preauthentication failed)
SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
Got challenge flags:
Got NTLMSSP neg_flags=0x60898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088235
NTLMSSP Sign/Seal – Initialising with flags:
Got NTLMSSP neg_flags=0x60088235
Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:10.0.1.200[1024,seal,target_hostname=pdc.example.com,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=10.0.1.200] NT_STATUS_LOGON_FAILURE
ERROR(): DRS connection to pdc.example.com failed – drsException: DRS connection to pdc.example.com failed: (-1073741715, ‘Logon failure’)
File “/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/drs.py”, line 41, in drsuapi_connect
(ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions) = drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds)
File “/usr/local/samba/lib64/python2.6/site-packages/samba/drs_utils.py”, line 54, in drsuapi_connect
raise drsException(“DRS connection to %s failed: %s” % (server, e))