[Samba] Howto force all users of a samba domain controller to change their password ?

BOURIAUD david.bouriaud at ac-rouen.fr
Tue Feb 17 10:33:19 GMT 2009

Hi !
I'still running a samba domain controller on a rhel 5 machine, so it is 
version samba-3.0.33-3.7.el5. Users and accounts are still stored in a ldap 
database and everything works fine.
Now that my setup is complete, I'd like to 
- force every user of the domain to change their password the next time they 
open a session on their workstation
- be sure that the password is complex enough
- have it that they don't put the same password as the old one.
I've read many a thing about those topics, and tryed many things, but so far I 
haven't found anything very usefull.
Somewhere I've read that there were modifications to be done using pdbedit so 
as to set the next time the password must be changed. I've tryed on my 
account, it doesn't work as I expected it to do : the password is valid for 
the time passed as an argument, and that's not what I want.
Next, I've read about a cracklib-checker that can be called via the smb.conf 
file, but I don't have this cracklib-checker installed on my system, and I 
don't really know where to find it.
Thanks in advance for any help provided.

P.S. I've searched the docs on samba.org, but I haven't found anything 
relevant, and searching the web with "samba force user change password" gives 
many results that don't cover what I'm searching for.

More information about the samba mailing list