I have samba setup to use an external password change command using: [global] ... unix password sync = Yes ldap password sync = No passwd program = /path/to/smbldap-passwd -u %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n
I use the Idealx smbldap-passwd command to update my LDAP database and everything works fine. I decided to modify the smbldap-passwd script to check for bad passwords. I used CPAN's Data::Password module to do this. However I have one issue with this, if the user enters a bad password I have the script return an exit code of 10 (because that's what the Idealx script does in other places to indicate an error) but when the end user changes their windows password with CTRL-ALT-DELETE -> Change Password it works fine if the password validates okay, but if it fails validation windows returns with a very misleading "you do not have permission to change your password". I did some experimentation to see if changing the exit code in the smbldap-passwd script had any effect, but it doesn't seem to. Is there some way to get windows to return a more reasonable error message when this script fails? Or does someone else have a better way of accomplishing this same goal? -- James Holmes RTDS Technologies Inc. (204) 989-9706 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba