[Samba] Changing passwords from Windows

Thierry Lacoste lacoste at u-pec.fr
Fri Jan 28 01:47:12 MST 2011

On 27 janv. 11, at 16:55, TAKAHASHI Motonobu wrote:

> 2011/1/26 Joe Tseng <joe_tseng at hotmail.com>:
>> Is it possible for a user to change his/her password from Windows?   
>> I tried it
>> out last night as a test user against my PDC and it only changed  
>> for Samba; I
>> was still able to log into the PDC via SSH using the previous  
>> password.  (I
>> changed it for the test user as root and it took for both SSH and  
>> Windows.)
> Set "ldap password sync = yes"  in LDAP environment or set "unix
> password sync = yes"
> and "pam password change = yes" in normal environment with PAM  
> enabled.
>> I tried to use smbldap-passwd as the test user, but I got a message  
>> back saying
>> I had insufficient privileges:
> Have you set "by self write" to both sambaLMPassword and  
> sambaNTPassword?
AFAICT this is not needed. The user never accesses theses hashes for  
The samba "ldap admin dn" and the smbldap-tools "masterDN" need write  
access to them.

I believe the smbldap-tools "masterDN" (and probably the samba "ldap  
admin dn") also needs write access to :
- sambaPwdLastSet
- sambaPwdCanChange
- sambaPwdMustChange
- sambaAcctFlags


More information about the samba mailing list