[Samba] `samba-tool user create --must-change-at-next-login my_user` doesn't appear to work on W10
Patrick Goetz
pgoetz at math.utexas.edu
Sun Oct 31 13:23:58 UTC 2021
Thanks, Roland. I always appreciate your help. I tried it both ways
(with option before and after the new user name). Same outcome.
But I figured out what was going wrong. The command line order of the
option doesn't matter. I've was creating users like this:
# samba-tool user create dilbert --must-change-at-next-login
# samba-tool user setexpiry dilbert --noexpiry
Setting the password expiration to no expiration seems to interfere with
the reset password requirement.
If I just create a user like this:
# samba-tool user create dolbert --must-change-at-next-login
or
# samba-tool user create --must-change-at-next-login dulbert
Then W10 demands a password change before allowing the user to log in.
On the one hand I can see why this might work this way, but it's not
logically correct. Requiring a change of password on first login is
entirely independent of whether passwords should expire or not.
On 10/31/21 04:10, Rowland Penny via samba wrote:
> On Sat, 2021-10-30 at 17:32 -0500, Patrick Goetz via samba wrote:
>> I created a user my_user as so:
>>
>> samba-tool user create --must-change-at-next-login my_user
>>
>> But in logging in on a domain-joined Windows 10 machine as my_user,
>> it
>> never asked me to change my password. I tried logging out and
>> logging
>> back in multiple times.
>>
>> Am I missing some trick?
>
> The usage is samba-tool user create <username> [<password>] [options]
> You appear to have used: samba-tool user create [options] <username>
> Not sure if this has any bearing though. Ultimately adding --must-
> change-at-next-login sets the users pwdLastSet attribute to 0, so you
> could check if this is happening.
>
> Rowland
>
>
>
More information about the samba
mailing list