Koozali.org: home of the SME Server

Force password change at first/next logon?

Patrick Basile

Force password change at first/next logon?
« on: September 25, 2001, 08:12:32 AM »
Hello everyone,

Just a quick question.  (sorry if this is stupid or simple, but it's been a long day)

I have my e-smith box setup as an NT PDC.  Is there a way to force a user to change his/her password at first/next logon?  I know this can be done on an NT4 server.

Thanks.

Regards,
Patrick

Patrick Basile

Re: Force password change at first/next logon?
« Reply #1 on: September 26, 2001, 06:14:46 PM »
Hello,

Again, like my other "newbie" post, I guess this is too basic for responses.  :)  I'll dig around and get the answer, and post it here for those that follow in my steps.

Regards,
Patrick

Offline tariqf

  • ****
  • 179
  • +0/-0
Force password change at first/next logon?
« Reply #2 on: May 12, 2007, 08:19:36 PM »
anyone know how to do this? I really need to be able to force a password change wither on XP logon or webmail logon.

mosotho

Force password change at first/next logon?
« Reply #3 on: June 05, 2007, 11:42:45 AM »
This is something that most of us want. Should the issue go into the feature requests or is there a way to do it?

Offline Confucius

  • ****
  • 235
  • +0/-0
Force password change at first/next logon?
« Reply #4 on: June 05, 2007, 12:00:10 PM »
On the prompt you could use a line like :

Code: [Select]
passwd -x 0 <userid>

-x <value>

Set maximum field for name. The max field contains the number of days that the password is valid for name. The aging for name will be turned off immediately if max is set to -1. If it is set to 0, then the user is forced to change the password at the next login session and aging is turned off.

another option:

-f

Force the user to change password at the next login by expiring the password for name.

Offline tariqf

  • ****
  • 179
  • +0/-0
Force password change at first/next logon?
« Reply #5 on: June 05, 2007, 12:22:44 PM »
Ok I tried both

passwd -x 0 user

and

passwd -x -1 user

but when I log into xp it does not ask me to change the password. Surely passwd changes t
e linux user and not the samba one? Also passwd -f just asks for a new password at the command prompt on the server.

Any ideas?

Offline Confucius

  • ****
  • 235
  • +0/-0
Force password change at first/next logon?
« Reply #6 on: June 05, 2007, 12:50:51 PM »
Didn't think clear...

Checked smbpasswd options... can't see any possibility to enforce this option. So it should become an option where PAM is forcing the user to the change the password and samba will follow the change.

I don't see any possibilities to do this quickly.

Offline tariqf

  • ****
  • 179
  • +0/-0
Force password change at first/next logon?
« Reply #7 on: June 05, 2007, 01:11:36 PM »
ok after some googling I have found that you can supposedly use

pdbedit --pwd-must-change-time=0 -u username

but this does not appear to work on my sme box

Offline Confucius

  • ****
  • 235
  • +0/-0
Force password change at first/next logon?
« Reply #8 on: June 05, 2007, 01:48:45 PM »
what about this style ?

Code: [Select]
pdbedit -P "maximum password age" -C 0 -u <username>

Offline tariqf

  • ****
  • 179
  • +0/-0
Force password change at first/next logon?
« Reply #9 on: June 05, 2007, 01:55:32 PM »
pdbedit -P "maximum password age" -C 0 -u test
Incompatible or insufficient options on command line!

Offline tariqf

  • ****
  • 179
  • +0/-0
Force password change at first/next logon?
« Reply #10 on: June 05, 2007, 02:02:31 PM »
ok I have found out why the pdbedit doesnt work. it requires you to have the samba passwd backend to be tdbsam and sme uses smbpasswd

anyone know if it's ok to upgrade sme to use tdbsam by changing smb.conf template and also using

pdbedit -i smbpasswd -e tdbsam

?

Offline tariqf

  • ****
  • 179
  • +0/-0
Force password change at first/next logon?
« Reply #11 on: June 05, 2007, 02:18:25 PM »
ok someone has already done this... going to test it on a vm...

http://forums.contribs.org/index.php?topic=34674.0