[Samba] [Urgent] Cannot make changes via pdbedit

Jason Baker jbaker at glastender.com
Wed Jul 18 16:32:04 GMT 2007

In case anyone was following this thread, I finally did find the solution.
Apparently you can no long expire a user's password by issuing the command:

    pdbedit --pwd-must-change-time...

If you want to require a user to change their password at next login, 
you need to issue the command:

    net sam set pwdmustchangenow <username> yes

This will ask the user to change their password the next time they 
attempt to login. The --pwd-must-change-time is actually reserved for 
the time when a password is set to expire by using policies (such as 
every 30 days, etc.).

*Jason Baker
*/IT Coordinator/

*Glastender Inc.*
5400 North Michigan Road
Saginaw, Michigan 48604 USA
Phone: 989.752.4275 ext. 228
Fax: 989.752.4444
www.glastender.com <http://www.glastender.com>

Version: 3.1
GIT$ d- s: a C++$ LU+++$ P+ L++>L++++ !E--- W+++ N o? K?
w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- 
r+++ y+++

Jason Baker wrote:
> I have been having some problems since I updated from Samba 3.0.23 to 
> 3.0.25b. I have installed the latest version of smbldap-tools but I am 
> still not able to make certain changes to a user's account. I have 
> created a new user named JROLFE.
> After I set up a new user, I will set it so they are required to 
> change their password when they first login. I usually do this through 
> LDAP Account Manager.
> I set User can change password to a date in the past and User must 
> change password to a date in the past. But for some reason it didn't 
> work. If I run pdbedit -Lv -u jrolfe, I get:
>    Password last set:    Mon, 01 Jan 2007 03:00:00 EST
>    Password can change:  Mon, 08 Jan 2007 03:00:00 EST
>    Password must change: never
> If I run ../smbldap-usershow jrolfe, I get:
>    sambaPwdCanChange: 1183795200
>    sambaPwdLastSet: 1167638400
>    sambaPwdMustChange: 1167638400
> The unix times converted to english are: Sat, 07 Jul 2007 08:00:00 GMT 
> and Mon, 01 Jan 2007 08:00:00 GMT. So you can see that the dates do 
> not match between pdbedit and smbldap-tools.
> This is really causing a problem because I am trying to set up a new 
> user and cannot get his password to expire.

More information about the samba mailing list