Fix bug #5555. Don't return NT_STATUS_PASSWORD_MUST_CHANGE error on machine account...

[samba.git] / source / auth / auth_sam.c

diff --git a/source/auth/auth_sam.c b/source/auth/auth_sam.c
index 5e393f722075a55788ee8c0e5b5fef54b23ae882..50bf15318be5b0b2071515cfdfe6a1bb8daf59d7 100644 (file)
--- a/source/auth/auth_sam.c
+++ b/source/auth/auth_sam.c
@@ -166,8 +166,9 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
                time_t must_change_time = pdb_get_pass_must_change_time(sampass);
                time_t last_set_time = pdb_get_pass_last_set_time(sampass);
 
-               /* check for immediate expiry "must change at next logon" */
-               if (last_set_time == 0) {
+               /* check for immediate expiry "must change at next logon" 
+                * for a user account. */
+               if (((acct_ctrl & (ACB_WSTRUST|ACB_SVRTRUST)) == 0) && (last_set_time == 0)) {
                        DEBUG(1,("sam_account_ok: Account for user '%s' password must change!.\n", pdb_get_username(sampass)));
                        return NT_STATUS_PASSWORD_MUST_CHANGE;
                }