[Samba] Cannot change expired password

Jason Baker jbaker at glastender.com
Wed Jan 31 16:20:22 GMT 2007

I should have checked log files before I posted. Anyway, here is some 
additional info.
I checked the log file for the machine I was trying to change the 
password on and here is what it says:

    [2007/01/31 10:28:06, 1] auth/auth_sam.c:sam_account_ok(178)
      sam_account_ok: Account for user 'test' password expired!.
    [2007/01/31 10:28:06, 1] auth/auth_sam.c:sam_account_ok(179)
      sam_account_ok: Password expired at 'Tue, 30 Jan 2007 10:09:38
    EST' (1170169778) unix time.
    [2007/01/31 10:28:19, 1] smbd/chgpasswd.c:change_oem_password(1040)
      user test cannot change password now, must wait until Wed, 07 Feb
    2007 10:09:38 EST

So the section where is says Password expired at Tue, 30 Jan 2007 is 
correct. A pdbedit -Lv username shows:

    Logoff time:          Mon, 18 Jan 2038 22:14:07 EST
    Kickoff time:         Thu, 31 Jan 2030 22:14:07 EST
    Password last set:    Wed, 31 Jan 2007 10:09:38 EST
    Password can change:  Mon, 01 Jan 2007 00:00:00 EST
    Password must change: Tue, 30 Jan 2007 10:09:38 EST

But the log file claims that the password cannot change until Friday Feb 
2, 2007, which is seven days from Password last set: Wed, 31 Jan 2007.
BUT...Password CAN CHANGE time says: Mon, 01 Jan 2007.
I do have Minimum Password Age set to 7 days, but shouldn't Password can 
change show a date 7 days from Password last set? For some reason 
pdbedit is not showing the correct information.
If I run pdbedit --pwd-can-change-time="<today's date"> 
--time-format="%Y-%m-%d", it will change the date to today, but will 
still be counting 7 days from Password last set. Is there a ways to 
alter Password last set?

*Jason Baker
*/IT Coordinator/

*Glastender Inc.*
5400 North Michigan Road
Saginaw, Michigan 48604 USA
Phone: 989.752.4275 ext. 228
Fax: 989.752.4444
www.glastender.com <http://www.glastender.com>

On 1/31/2007 10:47 AM, Jason Baker wrote:
> I have a samba PDC set up and configured. I have been doing tests and 
> everything was working fine. I was able to set  "User must change 
> password" to today's date and it would prompt the user that their 
> password has expired when logging into windows xp. I could then enter 
> a new password and be on my way. Now when I set the password to "User 
> must change password", when I enter the new password twice I get:
>    The password on this account cannot be changed at this time.
> I'm not sure why it was working and now suddenly it isn't. Any thoughts?

More information about the samba mailing list