[Samba] `samba-tool user create --must-change-at-next-login my_user` doesn't appear to work on W10

Rowland Penny rpenny at samba.org
Sun Oct 31 13:35:32 UTC 2021

On Sun, 2021-10-31 at 08:23 -0500, Patrick Goetz via samba wrote:
> Thanks, Roland. I always appreciate your help. I tried it both ways 
> (with option before and after the new user name). Same outcome.
> But I figured out what was going wrong. The command line order of
> the 
> option doesn't matter.  I've was creating users like this:
>   # samba-tool user create dilbert --must-change-at-next-login
>   # samba-tool user setexpiry dilbert --noexpiry
> Setting the password expiration to no expiration seems to interfere
> with 
> the reset password requirement.
> If I just create a user like this:
>   # samba-tool user create dolbert --must-change-at-next-login
> or
>   # samba-tool user create --must-change-at-next-login dulbert
> Then W10 demands a password change before allowing the user to log
> in.
> On the one hand I can see why this might work this way, but it's not 
> logically correct. Requiring a change of password on first login is 
> entirely independent of whether passwords should expire or not.

If you think it is illogical, take that up with Microsoft. You are
basically saying 'Expire this users password, but never expire this
users password'.


More information about the samba mailing list