password change on WinXP

Conrad Lawes pxeboot at
Thu Jun 15 14:49:27 GMT 2006

Windows XP  and Samba are working as expected.  You would see the same
result if your server was a Windows NT or Win2k box.

In the Windows  world,  a user can have 2 accounts: one that resides locally
on the workstation and another on the domain controller.   Both accounts are
distinct and separate from each other.   This means that  changes made to
the local account has no impact or influence on the domain account and visa

As a system administrator, you must choose ONE account.  Having users with
both accounts  will, undoubtably,  make your job more difficult as you are
seeing now.   Domain accounts are must easier to manage.  An experienced
system administrator will always choose domain-based user accounts unless
there's a compelling reason to do otherwise.

In my case, end users do not have local accounts on their Windows desktops.
This ensures that every end user MUST log onto the Samba domain.  This also
means that they (and myself) only have one password to worry about.
Furthermore, any password change is automatically updated on the Samba

Some the benefits of domain-based user accounts:

   - Centralized management.e.g. the system admin can reset or disable a
   users account without having to physically access that user's workstation.
   - Roaming profiles
   - Login scripts
   - Folder redirection
   - Ease of software installation - you can leverage login scripts to
   automate this process.
   - Sharing of resources - DVD, CD and printers can be shared easily
   - Security
   - Data protection - a failed workstation does not necessarily mean
   lost data if roaming profile and folder redirection are implemented

On 6/15/06, Petteri Larjos <pla at> wrote:
> We have samba (3.0.22) configured as 'standalone server' type and
> security mode is 'user'. I have configured 'smb.conf' so that windows xp
> users may change their passwords from windows box (using ctrl+alt+del)
> and I got it work (regardless some sources which say that is not
> possible with standalone server). The remaining problem is that now
> users should specify a host to log on in 'change password' dialog box to
> make it work. There is field called 'log on to' which defaults to local
> computer name (for example 'MYXP (this computer)'). If user changes 'log
> on to' value to name of our samba server or workgroup name and completes
> rest of the fields then passwords are changed on server side
> (sambapassword and linux password) but local password remains the old.
> On the other hand if the 'log on to' field value is local computer name,
> then only local password is changed (not samba).
> Is there any way to combine the process so that passwords on both sides
> are changed (server and client)? Is there any utility program which we
> could use as a workaround? Am I still missing something on samba side or
> is this windows xp related problem?
> I would like to keep our samba simple as possible, so PDC server type is
> out of the question.
> regards,
> Petteri
> --
> Petteri Larjos                             /"\
> 609 90225,050-5587347                      \ /  ASCII Ribbon Campaign
> ETLA                                        X  -NO HTML/RTF in e-mail
>                                            / \ -NO Word docs in e-mail

Conrad Lawes
PXE Guru
-------------- next part --------------
HTML attachment scrubbed and removed

More information about the smb-clients mailing list