[Samba] Samba Password Expiry Date

Hiu Yen Onn yohiu at shinyang.com.my
Thu Jun 2 08:17:53 GMT 2005


Matthias Spork wrote:

> Hello,
>
> > so, i am seeking the solution making the password expiry feature
> > avaiable in my pdc. FYI, i am using FC2, samba 3.0.3-5. thanks.
>
> the password expires in Unix and Samba.
>
> Samba does all changes for itself. You can set password-age to 60 days 
> by typing:
>
> #> pdbedit -P "maximum password age" -C 5007600
>
> For Linux you have to change "shadowlastchange" in LDAP. I wrote a 
> script for this:
>
> smb.conf:
> #---------------------------------------------------------
> unix password sync = yes
> passwd program = /etc/samba/scripts/ldap_userPassword_change %u
> passwd chat = *New*password* %n\n *new*password* %n\n *Success*
> #---------------------------------------------------------
>
> /etc/samba/scripts/ldap_userPassword_change:
> #---------------------------------------------------------
> #!/bin/sh
>
> LDAP_SERVER="ldapserver"
> LDAP_USER="uid=userPassChange,o=mydomain,c=com"
> LDAP_PASS="secret"
> LDAP_PASSWD="/usr/bin/ldappasswd"
> LDAP_MODIFY="/usr/bin/ldapmodify"
>
> #DN of User
> USER_DN="uid=$1,ou=users,o=mydomain,c=com"
>
> #Get Date
> TS=`date +%s`
> SLC="$(($TS/24/3600))"
>
> #-> MODIFY userPassword
> $LDAP_PASSWD -x -h $LDAP_SERVER -D $LDAP_USER -w $LDAP_PASS -S $USER_DN
>
> #-> MODIFY shadowlastchange
> if [ $? -eq 0 ]; then
> echo "dn: $USER_DN
> changetype: modify
> replace: shadowLastChange
> shadowLastChange: $SLC" | $LDAP_MODIFY -x -h $LDAP_SERVER -D 
> $LDAP_USER -w $LDAP_PASS >/dev/null 2>&1
> fi
>
> exit
> #---------------------------------------------------------
>
> kind regards
> Matthias
>
>
> Hiu Yen Onn schrieb:
>
>> Hi,
>>
>> i have configured a Samba PDC based on idealx.org.
>> now, whenever i set the sambaMustChangePassword flag to 0, then
>> from the subsequent logon, there is a popup urge me for changing 
>> password.
>> now, the problem is after i have changed the password, the 
>> sambaMustChangePassword
>> is set to 2147483647(unix timestamp), which if i converted it into 
>> human readable format, it will be  2038 year, bla..bla..and bla 
>> second. it is really unbelieveable that my password will be lasted 
>> until year 2038 year??? i have looked thoroughly on the internet 
>> resources, some mentioning about on defaultMaxPasswordAge flag. I 
>> think i have set it to 55 (actually, i dunno whether what is the 
>> quantity representing, day?? time??). but, i have no point to make it 
>> works.
>>
>> so, i am seeking the solution making the password expiry feature 
>> avaiable in my pdc. FYI, i am using FC2, samba 3.0.3-5. thanks.
>>
>> Cheers,
>> yenonn
>
>
>
i prompt in the pdbedit -P "maximum password age". it yields to me this
"account policy value for maximum password age is 4294967295"

what is the digits means to me?? how can i make use of it??? thanks



More information about the samba mailing list