[Samba] nt/2000 password has expired

IOhannes zmoelnig zmoelnig at iem.at
Wed Jun 12 03:01:02 GMT 2002

Ian Campbell wrote:
> Hi,
> Primary Domain Controller. Everything works fine, however, everytime 
> that Windows NT or 2000 clients log onto the domain they get a message 
> stating that their password has expired and asking them if they want to 
> change it. It doesn't matter if you answer Yes and change it or answer 
> No and just continue on, the message appears everytime.
> Has anyone seen this before? Can anyone offer any advice.
i have had the same problem.
it seems, that the pwdMustChange-value is by default set to 0.
when using ldap, you can set this to something not so annoying, like
2147483647 (which is some 2*10^9 seconds after 1970 -- which in turn is 
somewhere in the far future)

but of course, this is a dirty workaround too and you have to use ldap.
i do not know, where (whether) the pwdMustChange is stored in the 
smbpasswd file. the man page indicates  that it is not stored, only a 
pwdLastSet-value. i think this has no effect on your problem but go and try.

in addition, i do not know how to enable a real password expiry (which 
might prove usefule sometimes...)


> thanks,
> Ian

More information about the samba mailing list