Not much help here, but it does work perfectly with LDAP backend (via pwdMustChange attribute).
> Sauro Saltini wrote:
>
> Hi, everybody.
> I've read many posts about forcing users to change their passwords at
> logon time from Windows clients, but still I can't make it work.
>
> I've set up a Samba PDC with the latest stable version (2.2.6) of
> Samba and configured it to do Unix password syncing through PAM.
> Then I've set up Unix passwords with the right aging parameters and
> all works fine in Unix (I've got logon messages about password
> expiration and I'm forced to change password after expiration time).
>
> From a Win2K client I can't get it to work:
> - the account is enabled until password expiry and I have no kind of
> notification about the expiration of the password...
> - then a nice day the password really expires and, instead of being
> forced to change it, the user is simply LOCKED OUT (account disabled)
>
> Note that in UNIX the user is still active as I've set a long interval
> between pwd expiry and account locking!
>
> The only functionality needed is a correct expiration / change-forcing
> behaviour from Win2K, so I don't want to use LDAP as I think Samba +
> PAM might be sufficient for this.
>
> It seems there's something wrong (or simply limited) with PAM <->
> Samba interaction when managing account restrictions.
>
> So the final questions are:
> 1) Is it possible to make Samba force a password change request at
> client side during logon due to PAM account restrictions?
> 2) If YES: where have I gone wrong?
> 3) If NO: is there a stable/production alternative for password
> expiry in Samba?
>
> Many thanks in advance.
>
> Sorry for my English.
>
> Sauro Saltini