[Samba] remote password change, if password is expired

Denis Cardon dcardon at tranquil.it
Tue Mar 27 10:57:14 UTC 2018

Hi Peer-Joachim,

> we have a couple of users which "forget" to change the passwords even if
> they get an reminder.
> Normally we tell them to use a windows machine, where you can change
> your password if it's expired.
> But how can a remote user change his password if it's expired ?
> Is there any secure solution for this  ?

"Normally we tell them to use a windows machine" -> so I'll assume you 
are on a Linux machine. I think you'll have to do your expired password 
update through an LDAP query. You can get some inspiration from this 
page [1] or from the bugzilla entry [2] of the recent security issue. In 
any case you'll need to have SSL, and I guess a valid (from your desktop 
point of view) certificate on your DC, to use this type of LDAP query.



[1] https://www.cs.bham.ac.uk/~smp/resources/ad-passwds/
[2] https://bugzilla.samba.org/show_bug.cgi?id=13272#c1

Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint SĂ©bastien sur Loire
tel : +33 (0)

Samba install wiki for Frenchies : https://dev.tranquil.it
WAPT, software deployment made easy : https://wapt.fr

More information about the samba mailing list