Setting password on NT PDC using Samba w/admin rights

Ryan Russell Ryan.Russell at
Tue Dec 14 06:33:17 GMT 1999

Howdy.  I hope I'm not asking a stupid question that everyone but me
know the answer to.  I've done a bit of web searching, archive searching,
and poking around the source, so I hope I've done my due diligence.

Here's what I'm basically trying to accomplish:

I want to reset the passwords of NT users in one of our domains from
a *nix box.  Obviously, I've looked at smbpasswd.  That works well
if the old password is known.  I'm looking at the situation where an
admin doesn't know the old password, but they themselves have the
right to change passwords for everyone.  Just to be explicit, the PDC
is a Windows NT machine, and there is no local smbpasswd file
on the unix machine that I'm concerned about.

Poking around in the source, I see remote_password_change
ultimately calls:

        if(!cli_oem_change_password(&cli, user_name, new_passwd, old_passwd)) {
                slprintf(err_str, err_str_len-1, "machine %s rejected the
password change: Error was : %s.\n", remote_machine, cli_errstr(&cli) );
                return False;

after some cli setup.  The cli setup prototype looks promising:

BOOL cli_session_setup(struct cli_state *cli,
                       char *user,
                       char *pass, int passlen,
                       char *ntpass, int ntpasslen,
                       char *workgroup);

However, digging deeper shows that the cli_oem_change_password function
maps to the SamOEMChangePassword call, which is documented in
Paul Leach's CIFS draft.  That call explictly calls for both an old and new
so I assume that I can't use that call, no matter how priveleged an account I
give in
the cli_session_setup call.

I also notice rpcclient, which looks promising.  However, the parts I need
don't seem to be implemented on *nix yet.  A nice bonus for my project would be
to be able to pull a user list from a *nix Samba client.  By way of vote, I'd
to see rpcclient renamed net, eventvwr, etc..  As someone familiar with both NT
and unix in general, I completely missed the purpose of rpcclient for a few
I think mostly because of the name.  Symlinks and checking argv[0] would be just
just something that would make my brain click when I saw the names in the

So, does there exist  way to do what I want?  Is the appropriate call buried
in Samba?  Does rpcclient need to get farther along first?  If what I want
exist quite yet, is there any chance that a newbie to the Samba project would be
able to contribute in these areas?  (Not asking whether code contributions would
accepted... asking if there's any chance I'd be able to figure out what needs to
 be written.)

Thanks for any help you can provide.


More information about the samba-technical mailing list