"Password must change" versus sambaPwdMustChange attribute
jmcd at samba.org
Thu May 24 11:27:10 GMT 2007
On 5/24/07, Volker Lendecke <Volker.Lendecke at sernet.de> wrote:
> On Thu, May 24, 2007 at 10:28:05AM +0200, Bartlomiej Solarz-Niesluchowski
> > it seems that on 3.0.24 field sambaPwdMustChange has precedense
> > over "maximum password age"
> > on 3.0.25 it looks different:
> > - "maximum password age" has bigger precedence then sambaPwdMustChange
> This is by design. We now dynamically calculate the maximum
> password age from pwdLastChange plus account policy to match
> what NT does.
Yes, this is the key part: we are now doing it correctly, and we weren't
before. If you need to force it for a single user, then choose a password
last set time accordingly (zero would be fine to force it now).
jmcd at samba dot org
More information about the samba-technical