Passowrd policy patch on Samba-3.0.2 for LDAP backend

Jim McDonough jmcd at
Thu Feb 19 22:37:37 GMT 2004

>These values are defined by Microsoft, not us.  You should be able to
>set them from User Mangler, or get them via vampire, for example.
Ok, will fix.  Thanks.

>On parts of this patch not yet commited - I don't think we should have a
>special case for the 'domain admins' group.  At least, I don't think we
>should have that special case in the way it's currnetly proposed.  After
>calling initgroups() is fine (which means reworking ordering of some
>stuff), but the current code just seems the wrong way to do it.
>Personally, on a unix server, I think having no special case here is
>acceptable - the admin can log in with SSH and reset things with
>pdbedit.  On microsoft servers, the admin account can be locked in
>certain configurations, and only unlocked at the DC console.
Yep, Jerry and I decided the same thing.

Jim McDonough
IBM Linux Technology Center
Samba Team
6 Minuteman Drive
Scarborough, ME 04074

jmcd at
jmcd at

Phone: (207) 885-5565
IBM tie-line: 776-9984

More information about the samba-technical mailing list