Web lists-archives.com

Re: [Samba] Prevent password change from command line

Le 16/01/2018 à 16:41, Rowland Penny via samba a écrit :
On Tue, 16 Jan 2018 16:21:31 +0100
Marco Gaiarin via samba <samba@xxxxxxxxxxxxxxx> wrote:

Mandi! Arnaud FLORENT via samba
   In chel di` si favelave...

the UserAccountControl flag "PASSWD_CANT_CHANGE" can not be set via
No, it is not true. You have 'simply'' to OR 0x00010000
userAccountControl attribute, eg:

	userAccountControl = userAccountControl || 0x00010000

0x00010000 is for DONT_EXPIRE_PASSWD
not for

look at:


You cannot stop the user from changing their password by setting
userAccountControl, you need to deny them permission to their object in

Thanx Rowland for your answer

any server command line tool can help me to edit object perm in AD

samba-tool dsacl set? what is --ssdl format?

IRIS Technologies

phone: (33) 03 20 65 85 80
fax: (33) 03 20 65 85 81


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba