Tiger, AD, cached account, password not changing

[Craigster]

Hello,

I have AD authenticating Mac OS X users with network home folders.

I am testing the new “home sync” in 10.4 on my laptop, hoping to deploy this to users of portables.

I’ve been successfully authenticating against AD. When on the network, I hit AD and it tells me via Kerberos Agent of a nearing password expiration. When off the network , it just logs me into the cached account without any password expiration warning. All seems to be working perfectly.

Then, my password was about to expire in 3 hours. Time to change it. I attempted to change password via System Prefernces > Accounts. I repeatedly got the following error:

“Your system administrator may not allow you to change your password or there was some other problem with your password. Contact your system administrator for help.”

Since that didn’t work, I thought I’d try using System > Library > CoreServices > Kerberos to change the password. There I got this error:

“Password change rejected”

So, I logged into our OWA to change the password. No problem there.

As I understand it, we are using a group policy within AD to validate passwords to make sure they meet character and minimum length requirements. Could this be the issue?

After I logged out of my computer and attempted to log back in with the new password, failure. Even after a restart, I cannot log in with the new password. I can only log in by using my previous, cached password.

Any ideas on..
a) why I couldn’t change my password via Accounts?
b) how can I update my cached password

Is there general flakiness here that I should be aware of?

Thanks

[schilled]

Check this post on MacOSXHints.com. Some one else ran into this problem and you can not change password from local client. Going to be a big problem for us too.

[Author]

Posts