password change on WinXP

Petteri Larjos pla at
Sat Jun 17 20:37:46 GMT 2006

Thank you Conrad for answering. If I remember correctly the laptop users 
need two accounts (local and remote) even though samba is PDC or one 
could not logon when not connected to LAN. How this is handled? Far as I 
understand situation is much like as previously described. Almost half 
of our users are using a laptop. Seems that I am back on square one.


Conrad Lawes wrote:
> Windows XP  and Samba are working as expected.  You would see the same 
> result if your server was a Windows NT or Win2k box.
> In the Windows  world,  a user can have 2 accounts: one that resides 
> locally on the workstation and another on the domain controller.   Both 
> accounts are distinct and separate from each other.   This means that  
> changes made to the local account has no impact or influence on the 
> domain account and visa versa.
> As a system administrator, you must choose ONE account.  Having users 
> with both accounts  will, undoubtably,  make your job more difficult as 
> you are seeing now.   Domain accounts are must easier to manage.  An 
> experienced system administrator will always choose domain-based user 
> accounts unless there's a compelling reason to do otherwise. 
> In my case, end users do not have local accounts on their Windows 
> desktops.  This ensures that every end user MUST log onto the Samba 
> domain.  This also means that they (and myself) only have one password 
> to worry about.  Furthermore, any password change is automatically 
> updated on the Samba server.
> Some the benefits of domain-based user accounts:
>     * Centralized management.e.g. the system admin can reset or disable
>       a users account without having to physically access that user's
>       workstation.
>     * Roaming profiles
>     * Login scripts
>     * Folder redirection
>     * Ease of software installation - you can leverage login scripts to
>       automate this process.
>     * Sharing of resources - DVD, CD and printers can be shared easily
>     * Security
>     * Data protection - a failed workstation does not necessarily mean
>       lost data if roaming profile and folder redirection are
>       implemented properly.
> On 6/15/06, *Petteri Larjos* <pla at <mailto:pla at>> wrote:
>     We have samba (3.0.22) configured as 'standalone server' type and
>     security mode is 'user'. I have configured 'smb.conf' so that windows xp
>     users may change their passwords from windows box (using ctrl+alt+del)
>     and I got it work (regardless some sources which say that is not
>     possible with standalone server). The remaining problem is that now
>     users should specify a host to log on in 'change password' dialog box to
>     make it work. There is field called 'log on to' which defaults to local
>     computer name (for example 'MYXP (this computer)'). If user changes 'log
>     on to' value to name of our samba server or workgroup name and completes
>     rest of the fields then passwords are changed on server side
>     (sambapassword and linux password) but local password remains the old.
>     On the other hand if the 'log on to' field value is local computer name,
>     then only local password is changed (not samba).
>     Is there any way to combine the process so that passwords on both sides
>     are changed (server and client)? Is there any utility program which we
>     could use as a workaround? Am I still missing something on samba side or
>     is this windows xp related problem?
>     I would like to keep our samba simple as possible, so PDC server type is
>     out of the question.

More information about the smb-clients mailing list