Hi there
We have a samba4 AD (installed on ubuntu servers) and also ubuntu client
workstations.
Those ubuntu workstations authenticate themselves to samba4/AD server
through pam_sssd.
Users authentication against Samba4/AD works well, but i don't know how
to allow users to change their own passwords through thios mecanism.
I tried several methods like smbpasswd, samba-tool user setpassword,
passwd or kpasswd but none of them works.
Do some of you know how to proceed to make it work with samba4/AD
authentication?
The goal is simply to allow a workstation user to change his password
whithout using a web interface.
Here is the sssd setup of the workstations:
/etc/sssd/sssd.conf:
[sssd]
config_file_version = 2
domains = mydomain.lan
services = nss, pam
default_domain_suffix = mydomain.lan
[domain/mydomain.lan]
id_provider = ad
auth_provider = ad
chpass_provider=ad
access_provider = ad
ldap_id_mapping = True
default_shell = /bin/bash
use_fully_qualified_names = False
override_homedir = /users/home/%u
fallback_homedir = /users/home/%u
krb5_use_enterprise_principal=false
krb5_validate = False
krb5_store_password_if_offline = False
ad_domain = mydomain.lan
krb5_realm = MYDOMAIN.LAN
realmd_tags = manages-system joined-with-samba
Thanks