"Password must change" versus sambaPwdMustChange attribute

Jim McDonough jmcd at themcdonoughs.org
Thu May 24 11:31:40 GMT 2007

On 5/24/07, Jim McDonough <jmcd at samba.org> wrote:
> On Thu, May 24, 2007 at 10:28:05AM +0200, Bartlomiej Solarz-Niesluchowski
> > wrote:
> > > on 3.0.25 it looks different:
> > > - "maximum password age" has bigger precedence then sambaPwdMustChange
> >
> Yes, this is the key part: we are now doing it correctly, and we weren't
> before.  If you need to force it for a single user, then choose a password
> last set time accordingly (zero would be fine to force it now).

I should clarify what this means: the user info field that says "password
must change" is not actually a SAM attribute, it's dynamically calculated as
Volker pointed out.  The user info structures do not map 1:1 to the SAM
fields, though in earlier versions we'd made that incorrect assumption.
Sorry for the change now, but it's now working correctly.

Jim McDonough
Samba Team
jmcd at samba dot org

More information about the samba-technical mailing list