Andrew, Thank you so much for your help. The "net ads password" command works beautifully in changing a users' AD password as an administrative user. However, there were a few "gotcha's" that weren't mentioned in the ADS-HOWTO.txt.
The first problem I ran into was that the RPM of OpenLDAP that came with RedHat 6 (version 1.2.9) doesn't pass the necessary ./configure tests to set HAVE_LDAP in include/config.h. That wasn't a big deal. I went to ftp.openldap.org, downloaded and compiled 2.0.23, and that problem was taken care of. The second problem took a little bit longer to figure out. When running "net ads password", I would receive a prompt for the new password, but as soon as I pressed 'enter' it would dump core. I traced it down to a krb5 library call. I was using the krb5 library that came with RedHat 6 (version 1.1.1). When I downloaded and compiled the latest version from MIT, version 1.2.5, things started working beautifully. Anyway, I just wanted to say thanks to the Samba team for such an incredible product, thanks to Andrew Bartlett for replying so quickly to my question, and hopefully offer a little help for those who might experience a similar problem in the future. By the way, is SWAT broken in the HEAD branch or is it just my configuration? Whenever I try to run it, it traps a SIGABRT and dies. The backtrace is as follows: #0 0x808e0d5 in lp_save_defaults () #1 0x808e468 in lp_load () #2 0x805ef4b in load_config () Thanks, James Willard [EMAIL PROTECTED] ----- Original Message ----- From: "Andrew Bartlett" <[EMAIL PROTECTED]> To: "James Willard" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Tuesday, May 28, 2002 6:37 PM Subject: Re: Changing domain passwords > > James Willard wrote: > > > > Hello all, > > > > I'm trying to use smbpasswd to change the password for a user who's a > > member > > of an Active Directory domain (running in NT domain compatibility > > mode). > > > The problem is that I need to be able to change a users' password AS > > another user with administrator rights. Users have the ability to > > change their own password disabled so that they must use the web > > interface. With rpcclient from samba-tng, I could connect to IPC$ as > > administrator and then use "ntpass <user>" to change their password. > > Is there an alternative method in the newer AD-aware versions of > > Samba? Its rpcclient no longer has the 'ntpass' command and smbpasswd > > doesn't support connecting as another user, from what I can tell. > > Look at the 'net ads password' command in HEAD. This works against AD > nativly - doing the password change over kerberos protocols. > > Sorry, the doco is a bit lacking at this stage. > > Andrew Bartlett > > -- > Andrew Bartlett [EMAIL PROTECTED] > Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] > Student Network Administrator, Hawker College [EMAIL PROTECTED] > http://samba.org http://build.samba.org http://hawkerc.net >