Change Windows AD password from Linux

Question

Is there a way to change my Windows domain password from Linux?

score 22 · Answer 1 · edited Mar 19 '18 at 19:56

22

I've done this on OS X, the same command exist on linux.

According to this site. Looks like the way to avoid adding the username to smbpasswd file to use smbpasswd -U <user> -r <IP address of DC>

edited Mar 19 '18 at 19:56

Deltik

314
1
4
14

answered Dec 27 '10 at 15:19

JamesBarnett

1,129
8
12

According to the [smbpasswd man page](http://linux.die.net/man/8/smbpasswd), this won't do the right thing; the `-a` flag means "the username following should be added to the local smbpasswd file". It's possible that the man page is incorrect; but I'm suspicious. – larsks Jan 25 '11 at 01:47
Thanks I checked the manpage and then checked google and changed the answer. – JamesBarnett Jan 25 '11 at 02:19
3

Error was : NT_STATUS_ACCESS_DENIED. But if I use smbclient -L to try and list servers, I get a different error message that my password has expired, which implies that the password I'm typing is correct. – Hakanai Sep 28 '17 at 04:31
I get `NT_STATUS_IO_TIMEOUT`. Is there a port that must be opened for this command to work? – Christoffer Reijer Aug 30 '19 at 06:39

score 5 · Answer 2 · answered Oct 26 '15 at 14:47

5

I'm using the same solution as @JamesBarnett, I've just created a script that also gets the domain controller IP too (I never know what the IP is when I need to change my password).

#!/bin/bash

USER="your.username"
DOMAIN="yourdomain.com"

smbpasswd -U $USER -r `nslookup _ldap._tcp.dc._msdcs.$DOMAIN | awk '{print $2;exit;}'`

answered Oct 26 '15 at 14:47

Justin

151
1
3

1

The `nslookup` command will not work as given, because the ldap record is of DNS type SRV. You need to perform: `nslookup -type=SRV ...etc...` and filter it appropriately (it's more complicated than a simple awk), or better yet: `$(dig SRV +noall +additional _ldap._tcp.dc._msdcs.$DOMAIN | awk '{print $5}')` replaces the entire nslookup between the backticks that you have, above. – Mike S Nov 21 '16 at 21:37
@MikeS that command outputs multiple servers separated by whitespace, but I suspect that smbpasswd might want a single server. – Hakanai Sep 28 '17 at 04:33
@Trejkaz Yes, that's what I mean by "filter it appropriately". The DNS records are of type SRV, that's for starters. How you get the SRV records I have shown. Now, how you choose a domain controller, that part I'm not sure of. – Mike S Oct 02 '17 at 13:39

Change Windows AD password from Linux

2 Answers2