[Samba] Force the user to change its password

Bruno Gimenes Pereti pereti at ump.edu.br
Tue Jan 14 11:47:00 GMT 2003

Maybe my configuration is incorrect but I can't do it. I'm using 
samba-2.7.7 and openldap-2.0.25-1 in a redhat-8.0 test machine.

When I run "smbldap-usermod -B 1 pereti" it sets pwdMustChange to 0 and 
when I try to logon it says (translating from portuguese):

"Your password exipires today. Do you want to change it now?"

Ok, it's the expected behave but if I answer Yes and try to change my 
password the message is (translating from portuguese):

"The system can not change your password because the domain LDAP is not 

(ps: LDAP is my domain name)

And in the log files I find:

[2003/01/14 09:36:12, 0] lib/util_sec.c:assert_gid(114)
   Failed to set gid privileges to (0,514) now set to (0,-1) uid=(0,999)
[2003/01/14 09:36:12, 0] lib/util.c:smb_panic(1094)
   PANIC: failed to set gid

And if I change my password with crtl+alt+del it don't change the value 
of pwdMustChange.

I you have the solution it would be great to use this feature.


Pascal Schelcher wrote:
> I know that it's possible when using Samba with LDAP.
> In the LDAP Schema, there is an attribut "pwdMustChange" that's force an 
> user to change its password.
> This attribut take 2 values :
> - 0 : user must change its password
> - 2147483647 : don't change
> Pascal.
> Raffaele Sandrini wrote:
>> Hi
>> I successfully set up a PDC using samba 2.2. It really works perfect!
>> I'd like to force all users to change their paswords on their first 
>> login. Is that possible? (On a M$ PDC this would be a special flag 
>> wich u have to activate)
>> cheers,
>> Raffaele

More information about the samba mailing list