I sometimes noticed in former versions of samba 3 that usrmgr must be started from a win machine which is in the domain, but for sure it has to be run as a user account in role of Domain Admin to have permission to change anything Regards
Dan Slatford schrieb:
On Wed, 2004-09-15 at 15:14, rruegner wrote:
Hi Dan, passwd program = /usr/local/sbin/smbldap-passwd.pl "%u" should do the job ( password change )
Ahh. This is what I thought, so tried that too. However, it seems 'passwd program' is only for changing the unix password, not the windows passwords. It has no effect if 'unix password sync' is disabled, which I'm not using since 'ldap passwd sync = Yes' does the same thing with ldap.
If I enable unix password sync along with your suggestion, I can't change passwords at all then. Windows moans that "You do not have permission to change your password". I don't know why, samba calls as root the smbldap-passwd script as root just fine yet the password isn't updated. If I run it manually in just the same way it works! I presume it has something to do with samba also trying to change the windows passwords in ldap it's own way in addition to the script it runs.
Anyway, it seems password program wasn't intended to be used in his way, but for changing unix passwords only.
i am not sure if sambaPwdMustChange works , but if it does it works only with ldap this value can be changed by usrmgr, which writes to the ldap attribute in the directory.
This gets interesting too.
If I set the password to not expire, I see the X appear in that users record:
sambaAcctFlags: [UX ]
Yet Windows (XP SP2) still prompts for a password change in one day when I log in. If I set the account expiration date in usermgr.exe then sambaPwdMustChange is not updated. (But I don't know if that's suppose to work).
It all seems so horribly broken :(
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
