Hi, everybody.
I've read many posts about forcing users to change their passwords at logon time from Windows clients, but I still can't make it work.
 
I've set up a Samba PDC with the latest stable version (2.2.6) of Samba and configured it to do Unix password syncing through PAM.
Then I've set up Unix passwords with the right aging parameters and all works fine in Unix (I get logon messages about password expiration and I'm forced to change the password after the expiration time).
 
From a Win2K client I can't get it to work:
- the account is enabled until password expiry and I get no kind of notification about the expiration of the password...
- then one fine day the password really expires and, instead of being forced to change it, the user is simply LOCKED OUT (account disabled)
 
Note that in UNIX the user is still active, as I've set a long interval between password expiry and account locking!
 
The only functionality needed is correct expiration / change-forcing behaviour from Win2K, so I don't want to use LDAP, as I think Samba + PAM might be sufficient for this.
 
It seems there's something wrong (or simply limited) with PAM <-> Samba interaction when managing account restrictions.
 
So the final questions are:
1) Is it possible to make Samba force a password change request on the client side during logon due to PAM account restrictions?
2) If YES: where have I gone wrong?
3) If NO: is there a stable/production alternative for password expiry in Samba?
 
Many thanks in advance.
 
Sorry for my English.
 
Sauro Saltini
