cancel
Showing results for 
Search instead for 
Did you mean: 

Samba

Mark Parsons
Valued Contributor

Samba

Hi All - Quick question. Is there anyway that when a user first invokes Samba to map to a network share that they are asked to change their (samba) password.

I've got a whole bunch of (samba) users who all have been given the same password and I want them to have to change it to one of their own choosing upon first login.

Kind Regards,

Mark Parsons
11 REPLIES
Glenn S. Davidson
Trusted Contributor

Re: Samba

If you are using tdbsam then you can do this with pdbedit.

What additional configuration information can you give?

Conformity Destroys a mans initiative and independence. It supresses his powerful inner drive to do his own thing.
Taifur
Respected Contributor

Re: Samba

Suraj K Sankari
Honored Contributor

Re: Samba

Hi,

I asked my user to login into the box with there unix passwd and give smbpasswd and change there samba passwd.

[surajks@rspc521 surajks]$ smbpasswd
Old SMB password:
New SMB password:
Retype new SMB password:
Password changed for user surajks
[surajks@rspc521 surajks]$


Suraj
Mark Parsons
Valued Contributor

Re: Samba

Hi all again, It is just a simple Samba installation on an HPUX 11.11 box. We map a Unix folder as a shared drive onto the users laptop. The user has a Unix password and a Samba password. Is there anything that we can implement to make the user change the password the first time they map the share.
eric roseme
Respected Contributor

Re: Samba

Hi Mark,

I assume that you have a Samba PDC (security = user) with a passdb backend of tdbsam or ldapsam. If so, then you set domain policies with pdbedit. I believe that you have to set the "user must change password" attribute *and* the "password age" attribute to 0 (for each user) to make it happen at the next logon.

Have you already tried this and it did not work?

http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html#pdbeditthing

I think it's:

pdbedit -P "maximum password age" -C value
pdbedit -u user --pwd-must-change-time 0

Mark Parsons
Valued Contributor

Re: Samba

Eric,

Yes I have tried that - this is a one off password change for the users. They all have the same password at the beginning (there are about 100 users) and I want them to change the password upon their first login to the relevant share. That is the only time they should change their password. They are not logging into the HP box but from their laptop when mapping the share. Can this be done when they are asked for their user id / password when mapping the network drive to the unix folder via the users laptop.

Cheers,

Mark P.
Mark Parsons
Valued Contributor

Re: Samba

Please find screenshot attachment that shows exactly what I am trying to achieve:
Heironimus
Honored Contributor

Re: Samba

I'm not sure that Windows can a password change when it's just mounting a share, regardless of what server software you're using.
eric roseme
Respected Contributor

Re: Samba

I have been guessing about how you have your server set up. In this thread (http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1311403) I was guessing domain, in the current thread I was guessing user, but now maybe it looks like server. How about posting your smb.conf?

In any case, a client can change their domain password when logging into the domain (a Windows domain or a Samba domain). Assuming (now) that you are using "server" and your Samba server is not joined to the domain (of the client), then I don't know how a client would change a password (smbpasswd) when mounting a share.

Eric
Mark Parsons
Valued Contributor

Re: Samba

Hi Eric,

We have security set to USER (which obviously doesn't appear in the smb.conf file)

Mark P.
eric roseme
Respected Contributor

Re: Samba

Hi Mark,
If "security = user", then your Samba server is a PDC/BDC in a Samba domain, and the client should have to logon to the domain for authentication. At domain logon time is when the password change is prompted for, not at the share mount. If you have changed the policies with pdbedit, then the client needs to logoff the domain and log back on to make the change. I do not know of a way to prompt for a new password in a domain when the client is already logged on.

Eric