[Samba] Password Resets as root

John P Janosik jpjanosi at us.ibm.com
Mon Jul 11 09:45:21 MDT 2011

I've got a cluster of Samba servers with security=user and a ctdb passdb 
backend.  I need to keep the passwords for the users in sync with another 
system, which will pass me userid and password for each change and reset. 
My question is what is the simplest way to do the password reset for a 
user as root on one of the Samba servers.  I need to allow the user to 
change their password immediately after reset despite the presence of a 
minimum password age policy in the case of reset.  It seems windows does 
this by setting one of the password time fields to 0 to mean "password 
must change at next login" for this case.  If I use "smbpasswd -s" as root 
the password is changed as I want, but the user cannot change the password 
until the next day.  I didn't see a way to set this flag via any of the 
Samba tools as root.

I was able to get this working via rpcclient by mimicking an admin 
password reset from a Windows machine, but this required having access to 
the password for an admin account available to the automation. 

I ended up patching pdbedit to add a new option "  -Y, --pw-must-change    
     set password must change flag" and call this after setting the pw. 
Does anyone know if there is another way to accomplish this so I don't 
have to patch Samba at each release?  If there is no way with the current 
tools would a patch be accepted to add this?


John Janosik
jpjanosi at us.ibm.com

More information about the samba mailing list