[Samba] How to prevent users from changing their password?
mat at samba.org
Mon Sep 29 17:58:35 MDT 2014
On 09/29/2014 07:20 AM, Roel van Meer wrote:
> Hi list,
> With Samba 4 in AD mode, how can I prevent users from changing their
> I have a working samba 4 AD. I can, with the ADUC, set the "User
> cannot change password" flag in the account options. However, I would
> like to be able to do so without using the ADUC.
> The other account options can be managed directly in LDAP, by setting
> the USERACCOUNTCONTROL attribute mostly.
> However, according to http://support.microsoft.com/kb/305144, this is
> not possible for the "User cannot change password" flag.
This is possible but you need to do it with an admin, as for the value
itself, I would recommend doing ldbsearch on a user before setting the
value and then after (using aduc) to see which fields you have to change
and to which value.
Once you know the value scripting this should be fairly easy, you can
modify samba-tool to do it for you.
More information about the samba