[Samba] Password Resets as root
John P Janosik
jpjanosi at us.ibm.com
Mon Jul 11 09:45:21 MDT 2011
I've got a cluster of Samba servers with security=user and a ctdb passdb
backend. I need to keep the passwords for the users in sync with another
system, which will pass me userid and password for each change and reset.
My question is what is the simplest way to do the password reset for a
user as root on one of the Samba servers. I need to allow the user to
change their password immediately after reset despite the presence of a
minimum password age policy in the case of reset. It seems windows does
this by setting one of the password time fields to 0 to mean "password
must change at next login" for this case. If I use "smbpasswd -s" as root
the password is changed as I want, but the user cannot change the password
until the next day. I didn't see a way to set this flag via any of the
Samba tools as root.
I was able to get this working via rpcclient by mimicking an admin
password reset from a Windows machine, but this required having access to
the password for an admin account available to the automation.
I ended up patching pdbedit to add a new option " -Y, --pw-must-change
set password must change flag" and call this after setting the pw.
Does anyone know if there is another way to accomplish this so I don't
have to patch Samba at each release? If there is no way with the current
tools would a patch be accepted to add this?
Thanks,
John Janosik
jpjanosi at us.ibm.com
More information about the samba
mailing list