[Samba] How to prevent users from changing their password?

Matthieu Patou mat at samba.org
Mon Sep 29 17:58:35 MDT 2014

On 09/29/2014 07:20 AM, Roel van Meer wrote:
> Hi list,
> With Samba 4 in AD mode, how can I prevent users from changing their 
> password?
> I have a working samba 4 AD. I can, with the ADUC, set the "User 
> cannot change password" flag in the account options. However, I would 
> like to be able to do so without using the ADUC.
> The other account options can be managed directly in LDAP, by setting 
> the USERACCOUNTCONTROL attribute mostly. 

> However, according to http://support.microsoft.com/kb/305144, this is 
> not possible for the "User cannot change password" flag.
This is possible but you need to do it with an admin, as for the value 
itself, I would recommend doing ldbsearch on a user before setting the 
value and then after (using aduc) to see which fields you have to change 
and to which value.

Once you know the value scripting this should be fairly easy, you can 
modify samba-tool to do it for you.


Matthieu Patou
Samba Team

More information about the samba mailing list