Passowrd policy patch on Samba-3.0.2 for LDAP backend
Jim McDonough
jmcd at us.ibm.com
Thu Feb 19 22:37:37 GMT 2004
>These values are defined by Microsoft, not us. You should be able to
>set them from User Mangler, or get them via vampire, for example.
Ok, will fix. Thanks.
>On parts of this patch not yet commited - I don't think we should have a
>special case for the 'domain admins' group. At least, I don't think we
>should have that special case in the way it's currnetly proposed. After
>calling initgroups() is fine (which means reworking ordering of some
>stuff), but the current code just seems the wrong way to do it.
>
>Personally, on a unix server, I think having no special case here is
>acceptable - the admin can log in with SSH and reset things with
>pdbedit. On microsoft servers, the admin account can be locked in
>certain configurations, and only unlocked at the DC console.
Yep, Jerry and I decided the same thing.
----------------------------
Jim McDonough
IBM Linux Technology Center
Samba Team
6 Minuteman Drive
Scarborough, ME 04074
USA
jmcd at us.ibm.com
jmcd at samba.org
Phone: (207) 885-5565
IBM tie-line: 776-9984
More information about the samba-technical
mailing list