[Samba] how to apply "user must change password at next logon" and "expire password"

Guido Lorenzutti guido at lorenzutti.com.ar
Sat Apr 30 02:00:42 GMT 2005

Tony Earnshaw wrote:

>fre, 29.04.2005 kl. 06.57 skrev Guido Lorenzutti:
>>Hi people, i was experimenting with the pdbedit and i found the "user 
>>must change password at next logon". The thing i wan't able to make it 
>>work. I just can login and im not asked to change my password! How's that?
>Samba version? OS? It all works for me with 3.0.11 and RHS3, OpenLDAP
>2.2.24, after much experimentation. In fact, it all works *too* well and
>you have to Google to find Jerry carter's annotated code remarks to help
>change things back, when you've been frigging about and users never get
>to get to logon again until you've fixed your own mistakes, caused by
>lack of clearness in the man page.
>What are the following supposed to mean in clear English?
>- reset count minutes
>- disconnect time
>- user must logon to  change  password
>- bad lockout attempt
Well... i found the solution. Im using the latest samba on linux. I use
tdbsam as passdb backend.
The trick was:

pdbedit -u user --pwd-must-change-time 0

Now this force the user to change the password at next logon! But first,
you must tell pdbedit that he must enforce the policy to force the user
from this time every 30 days.

pdbedit -P "maximum password age" -C value

Where VALUE is in unix time....

More unfriendly and undocumented impossible. I just found ZERO answears
to this on google to this commands. But they work sooo good.

More information about the samba mailing list