Forcing Windows Password Change

Andrew Bartlett abartlet at
Mon Sep 24 01:14:04 GMT 2001

Thomas E Bruno wrote:
> On Sat, 2001-09-22 at 21:45, Andrew Bartlett wrote:
> > Thomas E Bruno wrote:
> > >
> > > I would like to know if there is a way, and how to accomplish this very
> > > simple task:
> > >
> > > Can samba force clients to change thier passwords from windows. Like the
> > > NT way "Your password has expired, please type new password" etc...
> > >
> > > If there is not support, why isn't there?  this seems to me to be one
> > > large feature of a PDC!! Especially when removing a winNT/2000 server
> > > and placing a linux/samba server in it's place!
> >
> > I beleive this code is available in Samba 2.2.1a.  Simply ensure that
> > unix/samba passwords are kept in sync and that 'enable pam restrictions'
> > is 'yes'.  Then just do normal password expiry on your unix accounts,
> > and Samba will enforce this during the domain logon process.
> >
> This solution worked to a point. Now it at least tells me bad password (Because the account has been disabled.
> But it does not let the windows machine change the password.
> All that happens is the account expires, and is diabled... the password is not reset.

Is this for file-share connects or domain logons?  Last I checked (which
was a while ago), it worked for domain logons.  What version of samba
are you using?

When I put this code togeather I was using NT4, and it would pop-up a
dialog box during the domain logon telling me my password was expired
and asking for a new password.

Unfortunetly we can't do this for file-share connects, due to protocol

Hope this helps,

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Samba Team member, Build Farm maintainer        abartlet at
Student Network Administrator, Hawker College   abartlet at

More information about the samba mailing list