When trying to change password on a remote machine after it expired I've got the following: $>smbpasswd -D 10 -r server domain\\username ... SPNEGO login failed: Password expired Could not connect to machine server: NT_STATUS_PASSWORD_EXPIRED Failed to modify password entry for user domain\username When trying log in on ordinary Win2K box, system says: "Password expired and must be changed". And then allows me to perform desired change. I don't know what Windows version is installed on server, but according to nmap-4.11: $> nmap -v -O server ... Running: Microsoft Windows NT/2K/XP OS details: Microsoft Windows XP Pro SP1/SP2 or 2000 SP4 My suggestion. In source/libsmb/passchange.c : remote_password_change() ... if (!NT_STATUS_IS_OK(result)) { /* Password must change is the only valid error * condition here from where we can proceed, the rest * like account locked out or logon failure will lead * to errors later anyway */ if (!NT_STATUS_EQUAL(result, NT_STATUS_PASSWORD_MUST_CHANGE)) { ... May be it should also check for NT_STATUS_PASSWORD_EXPIRED.
I'll second this. Just today I run into the same issue and had to modify the code in the way proposed in the opening ticket which then worked fine. My patch below: --- passchange.c.bak 2006-11-06 10:12:22.000000000 +0100 +++ passchange.c 2006-11-06 08:59:04.000000000 +0100 @@ -86,7 +86,10 @@ * to errors later anyway */ if (!NT_STATUS_EQUAL(result, - NT_STATUS_PASSWORD_MUST_CHANGE)) { + NT_STATUS_PASSWORD_MUST_CHANGE) && + !NT_STATUS_EQUAL(result, + NT_STATUS_PASSWORD_EXPIRED) + ) { slprintf(err_str, err_str_len-1, "Could not " "connect to machine %s: %s\n", remote_machine, cli_errstr(&cli));
Applied for next release - thanks ! Jeremy.