[Samba] Samba3 + smbldap-tools & smbpasswd

Dan Slatford dan.samba at foxhosts.co.uk
Wed Sep 15 13:29:36 GMT 2004

I've been fiddling lately with Samba 3 coupled with openldap, nss_ldap,
pam_ldap and the smbldap-tools to create a PDC.

Following various examples, most things work, but I have an issue with
changing passwords from Windows.

If I manually change a password with smbldap-passwd, the script
correctly adjusts the sambaPwdMustChange attribute according to what
defaultMaxPasswordAge is set to.

If I change the password through Windows, Samba presumably uses
smbpasswd, because the sambaPwdMustChange attribute is then somehow set
to only 2 days into the future. The same thing happens if I run
smbpasswd manually. As a simple hack I even tried symlinking
/usr/bin/smbpasswd to /use/local/sbin/smbldap-passwd, but samba *still*
used it's own mechanism, which always ends up in sambaPwdMustChange
being just a couple of days ahead.

Meaning of course, if users will ever change their own passwords, the
ldap record will manually need fixing. Is there a way I can get samba to
use only the smbldap-passwd script or otherwise fix this so 
sambaPwdMustChange is set to defaultMaxPasswordAge from the
smbldap-tools conf file, or at least something further ahead in the
future than two days?


More information about the samba mailing list