I am setting up servers for a large high school in the fall.

Question #1 is can I force a password change at first login
for samba only users?

I can't do it by date because they may not login at the same
time. Or even for months.

Almost all users (except for techs, and several computer
teachers) will login with the option

-s /sbin/nologin

Therefore do I need to modify the following section or can I
ignore it.

(Note 2 in smb.conf suggest I don't--two questions follow)

# The following are needed to allow password changing from
Windows to
# update the Linux system password also.
# NOTE: Use these with 'encrypt passwords' and 'smb passwd
file' above.
# NOTE2: You do NOT need these to allow workstations to
change only
# the encrypted SMB passwords. They allow the Unix
password
# to be kept in sync with the SMB password.
; unix password sync = Yes
; passwd program = /usr/bin/passwd %u
; passwd chat = *New*UNIX*password* %n\n
*ReType*new*UNIX*password* %n\n
*passwd:*all*authentication*tokens*updated*success fully*