"Password must change" versus sambaPwdMustChange attribute

Jim McDonough jmcd at samba.org
Thu May 24 11:27:10 GMT 2007

On 5/24/07, Volker Lendecke <Volker.Lendecke at sernet.de> wrote:
> On Thu, May 24, 2007 at 10:28:05AM +0200, Bartlomiej Solarz-Niesluchowski
> wrote:
> > it seems that on 3.0.24 field sambaPwdMustChange has precedense
> > over  "maximum password age"
> >
> > on 3.0.25 it looks different:
> > - "maximum password age" has bigger precedence then sambaPwdMustChange
> This is by design. We now dynamically calculate the maximum
> password age from pwdLastChange plus account policy to match
> what NT does.

Yes, this is the key part: we are now doing it correctly, and we weren't
before.  If you need to force it for a single user, then choose a password
last set time accordingly (zero would be fine to force it now).

Jim McDonough
Samba Team
jmcd at samba dot org

More information about the samba-technical mailing list