[Samba] Unchangeable "Password must change: Fri, 13 Dec 1901 21:45:51 MET "

John H Terpstra jht at samba.org
Fri Mar 4 16:49:36 GMT 2005


Harold,

Are you using tdbsam as your password backend? If not, then you can not do 
what you  are attempting to do. There is no place in the smbpasswd file to  
store account aging information. Please confirm that you have in the globals 
section of your smb.conf file:

	passdb backend = tdbsam

If you need to migrate from smbpasswd to tdbsam, after the above has been 
added to the smb.conf file you can migrate the data by executing:

	pdbedit -i smbpasswd -e tdbsam


Cheers,
John T.

On Friday 04 March 2005 09:37, harold.celie at bt.com wrote:
> Hello Group,
>
> I've been reading many posts but i still don't have the answer to how to
> force a password change or set a password lifetime.
>
> I'm using w2k clients which connect to a samba PDC version 3.0.10 on a
> basic SunOS 5.8 system, no ldap or so. syncing the ux-passwords and the
> smb-passwords works perfect,
> but i can't get it working to force users to change passwords.
>
> The command that should do this is ;
> pdbedit -P "maximum password age" -C 5
> I know this are seconds, but just for testing
>
> Running this command as root gives;
> root> pdbedit -P "maximum password age" -C 5
> account policy value for maximum password age was 100
> account policy value for maximum password age is now 5
> root>
>
> It does change the policy;
> account policy value for maximum password age is 5
>
> but nothing is changed when i give the pdbedit -v command.
> When i run a pdbedit after i logged in/out as a user on the w2k system,
> nothing has happened
> the output is exactly the same as it was before.
>
> root> pdbedit -v -u useraa
> Unix username:        useraa
> NT username:
> Account Flags:        [U          ]
> User SID:             S-1-5-21-4240529304-4054190640-1643903753-27306
> Primary Group SID:    S-1-5-21-4240529304-4054190640-1643903753-1021
> Full Name:
> Home Directory:       \\server\useraa
> HomeDir Drive:
> Logon Script:
> Profile Path:         \\server\useraa\profile
> Domain:               NETDOM
> Account desc:
> Workstations:
> Munged dial:
> Logon time:           0
> Logoff time:          Fri, 13 Dec 1901 21:45:51 MET
> Kickoff time:         Fri, 13 Dec 1901 21:45:51 MET
> Password last set:    Thu, 03 Mar 2005 17:21:36 MET
> Password can change:  Thu, 03 Mar 2005 17:21:36 MET
> Password must change: Fri, 13 Dec 1901 21:45:51 MET
> Last bad password   : 0
> Bad password count  : 0
> Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> root>
>
> Selecting the option "change password at next logon" is usrmgr on the
> w2k machine doesn't do the trick either.
>
> Does anybody have a suggestion to get this running? Or is there another
> way to force users once in a while to change password?
> (maybe some command(s) i can put in cron)
>
> All help is welcome
>
> Thanks in advance
>
> Harold

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.


More information about the samba mailing list