Windows XP change password failed


#1

Hello, I have some Windows XP machines from which I can’t change the password. In log.samba I find:

[2017/10/26 11:49:22.681147, 0, pid=8667] …/auth/gensec/gensec.c:241(gensec_verify_features)
Did not manage to negotiate mandatory feature SIGN

And on the client machine a popup window says: can not change your password now. intranet domain is unavailable (intranet is the local domain name)

I did try:

client ipc signing = auto
client signing = auto

But the problem persists.


#2

Hey,

I don’t have a solution for you, and given XP’s status as being end of life I don’t think you can expect to really find one. You could simply configure the Password Self-Service and tell your users to use that one.

Kind regards,
mosu


#3

Hello, just a follow-up. Still, no resolution. I’ve tried different combinations with “client ipc signing” without luck.

A traffic dump shows the problem as:

  1. Windows XP client sends a DCE/RPC SAMR command GetDomPwInfo
  2. Samba responds with DCE/RPC Fault nca_proto_error

I’ve also tried fiddling with Local Security Policy registry values at the Win XP machine, but got nothing good out of it.

The problem appears only if the administrator forces the user to change the password:

net sam set pwdmustchangenow USERNAME yes

On the left, a working config with a standard Samba 4.6.8; on the right, UCS 4.2.2…