[Samba] Samba3 + smbldap-tools & smbpasswd

Dan Slatford dan.samba at foxhosts.co.uk
Wed Sep 15 14:45:32 GMT 2004

On Wed, 2004-09-15 at 15:14, rruegner wrote:
> Hi Dan,
> passwd program = /usr/local/sbin/smbldap-passwd.pl "%u"
> should do the job ( password change )

Ahh. This is what I thought, so tried that too. However, it seems
'passwd program' is only for changing the unix password, not the windows
passwords. It has no effect if 'unix password sync' is disabled, which
I'm not using since 'ldap passwd sync = Yes' does the same thing with

If I enable unix password sync along with your suggestion, I can't
change passwords at all then. Windows moans that "You do not have
permission to change your password". I don't know why, samba calls as
root the smbldap-passwd script as root just fine yet the password isn't
updated. If I run it manually in just the same way it works! I presume
it has something to do with samba also trying to change the windows
passwords in ldap it's own way in addition to the script it runs.

Anyway, it seems password program wasn't intended to be used in his way,
but for changing unix passwords only.

> i am not sure if
> sambaPwdMustChange works , but if it does it works only with ldap
> this value can be changed by usrmgr, which writes
> to the ldap attribute in the directory.

This gets interesting too.

If I set the password to not expire, I see the X appear in that users

sambaAcctFlags: [UX         ]

Yet Windows (XP SP2) still prompts for a password change in one day when
I log in. If I set the account expiration date in usermgr.exe then
sambaPwdMustChange is not updated. (But I don't know if that's suppose
to work).

It all seems so horribly broken :(


More information about the samba mailing list