On Mon, Jul 11, 2011 at 10:45:21AM -0500, John P Janosik wrote: > I've got a cluster of Samba servers with security=user and a ctdb passdb > backend. I need to keep the passwords for the users in sync with another > system, which will pass me userid and password for each change and reset. > My question is what is the simplest way to do the password reset for a > user as root on one of the Samba servers. I need to allow the user to > change their password immediately after reset despite the presence of a > minimum password age policy in the case of reset. It seems windows does > this by setting one of the password time fields to 0 to mean "password > must change at next login" for this case. If I use "smbpasswd -s" as root > the password is changed as I want, but the user cannot change the password > until the next day. I didn't see a way to set this flag via any of the > Samba tools as root. > > I was able to get this working via rpcclient by mimicking an admin > password reset from a Windows machine, but this required having access to > the password for an admin account available to the automation. > > I ended up patching pdbedit to add a new option " -Y, --pw-must-change > set password must change flag" and call this after setting the pw. > Does anyone know if there is another way to accomplish this so I don't > have to patch Samba at each release? If there is no way with the current > tools would a patch be accepted to add this?
First, such a patch would be appreciated, although pdbedit is a bit deprecated. Try "net sam set pwdmustchangenow". Volker -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-370000-0, fax: +49-551-370000-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
