When changing your password in a Samba NT domain does not work

I recently set up a Samba server using Ubuntu 22.04 as an NT domain controller (not Active Directory!). After quite some time fiddling with the settings and finally getting external help, it worked. I could successfully add a Windows 10 computer to the domain and then log into it using any of the configured domain users, access the shares and even use remote desktop with a domain user.

The only thing that consistently failed was changing the domain password from the Windows box. As always, the Windows error message was unhelpful:

Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied.

They could as well have told me that my sacrifice did not please the gods.

Digging into the Samba logs was a bit more rewarding. There was the following error message buried under lots and lots of text:

[date time, 3] ../../source3/auth/pampass.c:388(smb_pam_passchange_conv)
smb_pam_passchange_conv: Could not find reply for PAM prompt: New password:

That looks like changing the Linux password failed, so the first thing I tried was disabling password synchronization between Samba and Linux by setting the following Samba option to No:

unix password sync = No

Now, changing the password worked fine, but of course only the Samba password was changed; the Linux password remained unchanged. That wasn’t what I wanted, so I changed the Samba password back to get them into sync again and then re-enabled that option.

Back to the Samba error message: It looks like the prompt of the passwd tool does not match what is configured in smb.conf. It says there (and that’s the default shipped with Ubuntu):

passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

Apparently Samba calls /usr/bin/passwd as root, passing the username as a parameter. Then it examines the output of that tool in order to send the new password twice.

When I do that manually, I get the following:

$ /usr/bin/passwd username
New password:
Retype new password:
passwd: password updated successfully

So, the text given for passwd chat simply is wrong. The prompt is not “Enter new password:” but rather “New password:”. Apparently passwd was changed at some time but nobody adapted the Samba configuration.

Changing this to

passwd chat = "*New\s*password:*" %n\n "*Retype\snew\spassword:*" %n\n "*password\supdated\ssuccessfully*"

fixed the problem for me.
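
A passwd chat value can be checked against the prompts passwd actually prints before touching smb.conf. The following is an added example, not code from Samba or from this post: it assumes a simplified model of the chat (ordered expect/send pairs, case-insensitive "*" wildcards), and the names parse_chat, check_chat and MATCHING are made up for the illustration.

```python
import fnmatch
import re

# Escape sequences that smb.conf(5) documents for "passwd chat".
ESCAPES = {r"\n": "\n", r"\r": "\r", r"\t": "\t", r"\s": " "}

def parse_chat(chat):
    """Split a passwd chat value into ordered (expect, send) pairs."""
    # Tokens are whitespace-separated; double quotes group a token.
    tokens = [q or bare for q, bare in re.findall(r'"([^"]*)"|(\S+)', chat)]
    for esc, char in ESCAPES.items():
        tokens = [t.replace(esc, char) for t in tokens]
    if len(tokens) % 2:          # a trailing expect string with no send
        tokens.append("")
    # Expect strings sit at even positions, send strings at odd ones.
    return list(zip(tokens[0::2], tokens[1::2]))

def check_chat(chat, prompts):
    """Return [(expect, prompt, matched)], comparing pair i with prompt i."""
    results = []
    for (expect, _send), prompt in zip(parse_chat(chat), prompts):
        # Assumption: case-insensitive "*" wildcard match (simplified model).
        ok = fnmatch.fnmatchcase(prompt.lower(), expect.lower())
        results.append((expect, prompt, ok))
    return results

# Prompts as printed by /usr/bin/passwd in the session shown in this post.
PROMPTS = ["New password:", "Retype new password:",
           "passwd: password updated successfully"]

# The default quoted above from Ubuntu's smb.conf.
UBUNTU_DEFAULT = (r"*Enter\snew\s*\spassword:* %n\n "
                  r"*Retype\snew\s*\spassword:* %n\n "
                  r"*password\supdated\ssuccessfully* .")

# Constructed for this example so each pattern follows one prompt above.
MATCHING = (r'"*New\s*password:*" %n\n "*Retype\snew\spassword:*" %n\n '
            r'"*password\supdated\ssuccessfully*"')

if __name__ == "__main__":
    for name, chat in (("default", UBUNTU_DEFAULT), ("matching", MATCHING)):
        for expect, prompt, ok in check_chat(chat, PROMPTS):
            print(f"{name:9} {'ok  ' if ok else 'FAIL'} {expect!r} vs {prompt!r}")
```

Run against the prompts above, both password patterns of the default fail (the second one expects an extra word between "new" and "password:"), while every pattern of the matching value succeeds.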