Preventing users from changing password
Andrew Bartlett
abartlet at samba.org
Wed Jul 10 16:27:01 GMT 2002
Patrick McCarty wrote:
>
> Hi all,
>
> I'm attempting to prevent our users from changing their passwords from
> Windows XP specifically.
>
> I've tried settings acctflags in LDAP to:
> acctFlags: [UPX ]
>
> (P for cannot change password)
There is no 'P' option.
> and i've set:
> pwdCanChange: 2147483647
> pwdMustChange: 2147483647
>
> Unfortunately, XP isn't honoring these fields.
>
> What's the trick?
Not supported in Samba yet.
The 'user cannot change password' is implmented in NT as an ACL on the
user. We don't have ACL support for this yet - dicussions are just
starting on a new SAM subsystem with such features.
PasswordCanChange is also not yet implemented, but I'll take patches (to
HEAD) to improve that support.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba-technical
mailing list