Passowrd policy patch on Samba-3.0.2 for LDAP backend

Jianliang Lu at
Fri Feb 20 11:06:22 GMT 2004

On Thu Feb 19 21:13:07 GMT 2004, Jim McDonough wrote:

> First of all, thanks for all the work!
> I'm incorporating large pieces of this into password lockout support, but
> with a few modifications.  First, I'm doing it a bit at a time, so I'm
> starting with just lockout.
> Next, I'm declaring that I don't like magic uint32 values of 0xFFFFFFFF to
> mean turn off duration, lockout count, and reset count time, because even 0
> would be a silly value to be a valid other words, having a
> lockout count of 0 would lock everyone out, a reset count of 0 would reset
> everyone's badpw counter every time, and duration of 0 would reset
> everyones lockout flag immediately.  So 0 means these policies are turned
> off.

You could not set the reset count and duration to 0 with User Manager for  
Domain, the minimum value that could be set is 1 minute. Also, the pdbedit 
could be changed as well to prevent the 0 setting for these policies, and 
the "not policy" value could be -1, means forever, or some default value.


Jianliang Lu
TieSse s.p.a.     Ivrea (To) - Italy at   luj at

More information about the samba-technical mailing list