diff --git a/config/rootfiles/packages/aarch64/samba b/config/rootfiles/packages/aarch64/samba
index 9d88cbacf..c49d544e6 100644
--- a/config/rootfiles/packages/aarch64/samba
+++ b/config/rootfiles/packages/aarch64/samba
@@ -788,6 +788,7 @@ usr/lib/security/pam_winbind.so
 usr/libexec/samba/smbspool_krb5_wrapper
 usr/sbin/eventlogadm
 usr/sbin/nmbd
+usr/sbin/samba-change-password
 usr/sbin/samba-gpupdate
 usr/sbin/smbd
 usr/sbin/winbindd
diff --git a/config/rootfiles/packages/armv5tel/samba b/config/rootfiles/packages/armv5tel/samba
index fa039f604..5f208b03e 100644
--- a/config/rootfiles/packages/armv5tel/samba
+++ b/config/rootfiles/packages/armv5tel/samba
@@ -788,6 +788,7 @@ usr/lib/security/pam_winbind.so
 usr/libexec/samba/smbspool_krb5_wrapper
 usr/sbin/eventlogadm
 usr/sbin/nmbd
+usr/sbin/samba-change-password
 usr/sbin/samba-gpupdate
 usr/sbin/smbd
 usr/sbin/winbindd
diff --git a/config/rootfiles/packages/i586/samba b/config/rootfiles/packages/i586/samba
index 1f406cc71..56ec3822b 100644
--- a/config/rootfiles/packages/i586/samba
+++ b/config/rootfiles/packages/i586/samba
@@ -788,6 +788,7 @@ usr/lib/security/pam_winbind.so
 usr/libexec/samba/smbspool_krb5_wrapper
 usr/sbin/eventlogadm
 usr/sbin/nmbd
+usr/sbin/samba-change-password
 usr/sbin/samba-gpupdate
 usr/sbin/smbd
 usr/sbin/winbindd
diff --git a/config/rootfiles/packages/x86_64/samba b/config/rootfiles/packages/x86_64/samba
index 2df36e438..37b1ff137 100644
--- a/config/rootfiles/packages/x86_64/samba
+++ b/config/rootfiles/packages/x86_64/samba
@@ -788,6 +788,7 @@ usr/lib/security/pam_winbind.so
 usr/libexec/samba/smbspool_krb5_wrapper
 usr/sbin/eventlogadm
 usr/sbin/nmbd
+usr/sbin/samba-change-password
 usr/sbin/samba-gpupdate
 usr/sbin/smbd
 usr/sbin/winbindd
diff --git a/config/samba/samba-change-password b/config/samba/samba-change-password
new file mode 100644
index 000000000..06f783e52
--- /dev/null
+++ b/config/samba/samba-change-password
@@ -0,0 +1,37 @@
+#!/bin/bash
+############################################################################
+#                                                                          #
+# This file is part of the IPFire Firewall.                                #
+#                                                                          #
+# IPFire is free software; you can redistribute it and/or modify           #
+# it under the terms of the GNU General Public License as published by     #
+# the Free Software Foundation; either version 2 of the License, or        #
+# (at your option) any later version.                                      #
+#                                                                          #
+# IPFire is distributed in the hope that it will be useful,                #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+# GNU General Public License for more details.                             #
+#                                                                          #
+# You should have received a copy of the GNU General Public License        #
+# along with IPFire; if not, write to the Free Software                    #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
+#                                                                          #
+# Copyright (C) 2021 IPFire Team <info@ipfire.org>                         #
+#                                                                          #
+############################################################################
+
+main() {
+	local username="${1}"
+	local password="${2}"
+
+	# Change password UNIX account
+	printf -- "${username}:${password}\n" | chpasswd
+
+	# Change SMB password
+	printf -- "${password}\n${password}\n" | smbpasswd -as "${username}"
+
+	return 0
+}
+
+main "$@" || exit "$?"
diff --git a/lfs/samba b/lfs/samba
index f57a04737..07e0c601b 100644
--- a/lfs/samba
+++ b/lfs/samba
@@ -114,6 +114,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	mkdir -p /var/spool/samba
 	chmod -v 1777 /var/spool/samba/
 
+	# Install password change helper script
+	install -m 755 $(DIR_SRC)/config/samba/samba-change-password /usr/sbin/samba-change-password
+
 	#install initscripts
 	$(call INSTALL_INITSCRIPT,samba)
 
diff --git a/src/misc-progs/sambactrl.c b/src/misc-progs/sambactrl.c
index 92ebef13a..9753492f6 100644
--- a/src/misc-progs/sambactrl.c
+++ b/src/misc-progs/sambactrl.c
@@ -82,11 +82,7 @@ int main(int argc, char *argv[]) {
 		snprintf(command, BUFFER_SIZE-1, "/usr/sbin/useradd -c 'Samba User' -m -g sambauser -s /bin/false %s >/dev/null", argv[2]);
 		safe_system(command);
 
-		snprintf(command, BUFFER_SIZE-1, "echo %s:%s | chpasswd", argv[2], argv[3]);
-		safe_system(command);
-
-		snprintf(command, BUFFER_SIZE-1, "/usr/bin/printf '%s\n%s\n' | /usr/bin/smbpasswd -as %s >/dev/null", argv[3], argv[3], argv[2]);
-		safe_system(command);
+		run("/usr/sbin/samba-change-password", argv + 1);
 
 	} else if (strcmp(argv[1], "smbchangepw") == 0) {
 		if (!is_valid_argument_alnum(argv[2])) {
@@ -94,11 +90,7 @@ int main(int argc, char *argv[]) {
 			exit(2);
 		}
 
-		snprintf(command, BUFFER_SIZE-1, "echo %s:%s | chpasswd", argv[2], argv[3]);
-		safe_system(command);
-
-		snprintf(command, BUFFER_SIZE-1, "/usr/bin/printf '%s\n%s\n' | /usr/bin/smbpasswd -as %s >/dev/null", argv[3], argv[3], argv[2]);
-		safe_system(command);
+		run("/usr/sbin/samba-change-password", argv + 1);
 
 	} else if (strcmp(argv[1], "readsmbpasswd") == 0) {
 		safe_system("/bin/chown root:nobody /var/ipfire/samba/private >/dev/null");