Changing domain passwords

Andrew Bartlett abartlet at
Tue May 28 15:41:47 GMT 2002

> James Willard wrote:
> Hello all,
> I'm trying to use smbpasswd to change the password for a user who's a
> member
> of an Active Directory domain (running in NT domain compatibility
> mode). 

> The problem is that I need to be able to change a users' password AS
> another user with administrator rights. Users have the ability to
> change their own password disabled so that they must use the web
> interface. With rpcclient from samba-tng, I could connect to IPC$ as
> administrator and then use "ntpass <user>" to change their password.
> Is there an alternative method in the newer AD-aware versions of
> Samba? Its rpcclient no longer has the 'ntpass' command and smbpasswd
> doesn't support connecting as another user, from what I can tell.

Look at the 'net ads password' command in HEAD.  This works against AD
nativly - doing the password change over kerberos protocols.

Sorry, the doco is a bit lacking at this stage.

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at

More information about the samba-technical mailing list