Fix for change password , samba-3.0. 3rc1

Jianliang Lu at
Thu Apr 22 16:13:46 GMT 2004

I resubmit this fix for Samba-3.0.3rc1 because it's important for change 
password and logon process. 
The symptom of the problem is: an user is created with usrmgr and the "must 
change password at next logon" was checked, so the user should change his 
password at next logon, but if the account policy "minimum password age" is 
imposed and the change password is not allowed immediately, the change 
password will be failed and he cannot log onto domain.

Another problem is the return NT_STATUS code for "min password age" 
violation, it should be "The password on this account cannot be changed at 
this time" (NT_STATUS_ACCOUNT_RESTRICTION (0xC0000000 | 0x006e)), and 
not "You new password does not meet the minimum length or password 
history........" (NT_STATUS_PASSWORD_RESTRICTION (0xC0000000 | 0x006c)).

--- smbd/chgpasswd.c.orig   Thu Apr 22 10:40:59 2004
+++ smbd/chgpasswd.c    Thu Apr 22 10:39:26 2004
@@ -946,10 +946,10 @@
  BOOL ret;
  uint32 min_len;

-   if ((time(NULL) < pdb_get_pass_can_change_time(hnd)) && 
time(hnd) != 0)) {
+   if (time(NULL) < pdb_get_pass_can_change_time(hnd)) {
      DEBUG(1, ("user %s cannot change password now, must wait until %s\n",
            pdb_get_username(hnd), http_timestring

  if (account_policy_get(AP_MIN_PASSWORD_LEN, &min_len) && (strlen
(new_passwd) < min
_len)) {


Jianliang Lu
TieSse s.p.a.     Ivrea (To) - Italy at   luj at

More information about the samba-technical mailing list