samba-tool user setpassword and --must-change-at-next-login

Rowland Penny repenny241155 at
Thu Jan 14 22:29:06 UTC 2016

OK, I have been looking at bug 9579 - samba-tool 
--must-change-at-next-login doesn't work,

Can anybody explain why if you use samba-tool to set a password along 
with the '--must-change-at-next-login' option it does this:

It uses the username to obtain the users dn: and with this sets the 
password, so far so good.

What it does next is what I cannot understand, 
'force_password_change_at_next_login' is called with 
"(distinguishedName=" + str(user_dn) )". This filter is used to search 
for the users dn ???? and this is then used in an ldif to set 
'pwdLastSet' to 0. I can understand why 
'force_password_change_at_next_login' is a separate routine, I just 
cannot get my head around sending it something that leads to another 
search and the result is the very thing you created the search filter 
with, or am I missing something here ?


More information about the samba-technical mailing list