I'm fairly new to Samba and Linux but I've set up a testing server at work using Samba as a PDC and everything is working fine. One question though - if I create new users and initially set a password how can a windows client change his/her password without calling me to do it?

Thanks

I'm running a Samba server as a PDC using Samba 2.2.5. My Windows clients change their passwords just as they did when I was using an NT server as the PDC.
In WinME, they just use the Password applet in the Control Panel. My NT and XP clients just do a CTRL+ALT+DEL and click on the Change Password button. It works in all cases.
I haven't really investigated yet if there's a way to force periodic password changes and all of the other NT Domain user account settings. That's next.

concerning XP ... how did you get the machine's to join the domain in the first place ... 99.9% sure that I've got my smb.conf up and running right, but I cant get the silly XP doorstops to join the domain ... did you add anything special to your smb.conf to get the xp client?

Hi bobo,

Can you post a copy of your smb.conf so we can have a look please...


Andrew B

If you're having problems joining XP to your Samba domain, follow my post here:

http://www.linuxnewbie.org/forum/showthread.php?s=&threadid=56757

You can schedule periodic password changes by setting the max/min password age under Local Seciruty Policy.

Originally posted by jymbo
You can schedule periodic password changes by setting the max/min password age under Local Seciruty Policy.

I was hoping to find a way to do it on the Samba server to force all users to change their password periodically. With just a quick look through the list of smb.conf parameters, I haven't come across anything yet.

By the way jymbo, thanks for your post on setting up your Samba PDC. You sure saved me a lot of time figuring out why my XP Professional machines wouldn't join the domain.

mine did ... as soon as I get the linuxbox up and running ... I'll post the smb.conf and the reg changes to XP to make it happen.

Cowanrl: good to hear my post helped you with XP + Samba PDC. I've spent weeks going through Samba docs, forums, and pages of read-me's trying to get this one to work.

To my knowledge, Samba was built on reverse-engineering of Windows NT server, which means that you won't be able to push Active Directory-style policies to your clients...at least, not yet...

Samba TNG (The Next Generation) is supposed to provide limited Active Directory features.

When that day comes, I'm first in line...:D

I got it to work - well sort of. I had to disable unix password sync and the change password worked from windows. It is my understanding that the 'password program' and 'chat script' should help resolve the sync problem but I can't get it to work. does anyone have a config that changes both? I'd love to see it!

Much gras

I learned that I needed to disable roaming profiles in my XP box and my 2K pro box ... and I'm still having trouble with a windows ME pc ... perseverance will pay off.

Sorry for the tardy reply Andrew ... here ya go. It's a mix of the few that I've been able to find here online ... with a few touches of my own ... but it works for me and my setup.

This machine is acting as a squid proxy server -- http accelerator, an apache web sever, a primary domain controller, it will be hosting my email soon and the last thing to do is to make it my router ... as soon as I figure out security.

The only thing that I cant seem to make work is the darn FTP server ... ProFTP and WU-FTP both keep crashing and I'm not sure why.

the neat thing is that its's doing all this ... running a pretty cool KDE GUI and p2p filesharing (limewire) ... I've still got excellent system respons, performacne and a great deal of resources free even while doing other things on the network with other pc's ... I'm diggin Linux!!!!

# Samba config file created using SWAT
# from linuxbox (127.0.0.1)
# Date: 2002/08/02 00:10:16

# Global parameters
[global]
workgroup = HOME
netbios name = LINUXBOX
server string = Primary Domain Server running Samba Server %v
encrypt passwords = Yes
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*success fully*
unix password sync = Yes
log level = 2
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
domain admin group = root @adm
logon script = /etc/samba/netlogon/logon.bat
logon path =
logon home =
domain logons = Yes
os level = 65
preferred master = True
domain master = True
dns proxy = No
default service = global
comment = windows shares
path = /windoze
hosts allow = 127.0.0 192.168.254.0/255.255.255.0
printing = lprng

[homes]
comment = Home Directories
path = /home/%u
valid users = %S
read only = No
create mask = 0777
directory mask = 0777
browseable = No

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

[windoze]
valid users = @everyone
write list = @everyone
read only = No
create mask = 0664
directory mask = 0775
inherit permissions = Yes
guest ok = Yes

[Shared Stuff]
path = /shares
valid users = @everyone
write list = @everyone
read only = No
create mask = 0664
directory mask = 0775
guest ok = Yes
volume = Shared Stuff

[library]
path = /library
valid users = @everyone
write list = @everyone
read only = No
create mask = 0664
directory mask = 0775
guest ok = Yes
volume = Library Books

[websites]
comment = windows share
path = /var/www
read list = @nobody
write list = @administrator
read only = No
create mask = 0777
directory mask = 0777
guest ok = Yes

[netlog]
comment = Network Logon Service
path = /etc/samba/netlogon
guest ok = Yes

[limewire_shares]
comment = LimeWire Shares
path = /ftp_shares
read only = No
create mask = 0777
directory mask = 0777
guest ok = Yes

:p