[Samba] parameter "Password must change" doesn't work correctly

amit kumar amitkuma at redhat.com
Thu Apr 6 05:19:27 UTC 2017


Can you please provide your setup details.

1. Is share located on windows.
2. Have you setted 'password change at next login for AD users'
3. Are you trying to access windows-samba-share from windows
client/linux client.


On 04/05/2017 08:46 PM, Marc Muehlfeld via samba wrote:
> Hi Petr,
> Am 05.04.2017 um 09:30 schrieb PeSe via samba:
>> I have problem with samba in AD domain mode. When I change parameter
>> "Password must change" to 0 for some users windows doesn't open
>> dialog for
>> password changing during first login. User login to windows with expired
>> password and cannot open network shares.
> I cannot confirm this using Windows 10 and Samba 4.6.0:
> I set pwdLastSet to 0 and when the user tries to log in, he must
> change the password. If you press "Cancel", you are back at the login.
> http://picpaste.de/pics/screenshot-v3Kcu3Ej.1491404762.png
> You said "...for some users...". If this does not happen for all, the
> next step is to find out what differs in the user attributes. To
> display all attributes of a user, enter on a Samba DC:
> # ldbsearch -H /usr/local/samba/private/sam.ldb
> 'sAMAccountName=user_name'
> Compare a working and a non-working account.
>> pdbedit list of problem user
> This utility is not really compatible with AD. Especially not if you
> try to set something. :-)
> Did you use pdbedit to set this flag? Then I'm sure this is the cause.
> Instead use:
> # ldbedit -H /usr/local/samba/private/sam.ldb 'sAMAccountName=user_name'
> or RSAT, or any LDAP client.
> Regards,
> Marc

Amit Kumar
There are three ways to get something done:
  (1) Do it yourself.
  (2) Hire someone to do it for you.
  (3) Forbid your kids to do it.

More information about the samba mailing list