[Samba] samba 2.2.3a with-ldapsam, pwdMustchange solved

Thomas Stegbauer tsmailing at tronicplanet.de
Fri Apr 26 10:11:02 GMT 2002

hi all,

some days ago there was a discussion, where the pwdMustChange attribute
was set to 0 to force the account to change the password at the next
logon. unfortunatly samba did not set back the pwdMustChange, so the
next time the user logs on, he needs again to change the password.

so we modified $SAMBASOURCE/examples/LDAP/ldapsync.pl to work with
openldap 2.0.x (with simplebind) and also to set back the pwdMustChange
attribute to 2147483647 (why that number)?

so if needed it can be included in the global section of smb.conf

unix password sync = Yes
passwd program = /usr/local/sbin/ldapsync.pl -o %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *modifying*

it uses right now all the system commands (ldapsearch and so on), so no
extra perl modules are needed for now.
the userpassword ist crypted (cause it was this way), maybe we change it
to use ssha passwords anytime.

and for creating the lmpasswords and ntpasswords it uses mkntpwd (it
needs no extra libraries as smbencrypt, are there other differences?)

the files can get downloaded at:


so far

# Thomas Stegbauer
# Tronicplanet Datendienst GmbH
# http://www.keyserver.de:11371/pks/lookup?op=get&search=0xFF837A1A

More information about the samba mailing list