"Password must change" versus sambaPwdMustChange attribute

[Bartlomiej Solarz-Niesluchowski]

At 13:31 2007-05-24, Jim McDonough wrote:
>On 5/24/07, Jim McDonough <<mailto:jmcd at samba.org>jmcd at samba.org> wrote:
>On Thu, May 24, 2007 at 10:28:05AM +0200, Bartlomiej 
>Solarz-Niesluchowski wrote:
> > on 3.0.25 it looks different:
> > - "maximum password age" has bigger precedence then sambaPwdMustChange
>
>Yes, this is the key part: we are now doing it correctly, and we 
>weren't before.  If you need to force it for a single user, then 
>choose a password last set time accordingly (zero would be fine to 
>force it now).
>
>
>I should clarify what this means: the user info field that says 
>"password must change" is not actually a SAM attribute, it's 
>dynamically calculated as Volker pointed out.  The user info 
>structures do not map 1:1 to the SAM fields, though in earlier 
>versions we'd made that incorrect assumption.  Sorry for the change 
>now, but it's now working correctly.

OK - so I must change policy of my server. Because before samba 
3.0.25 max age of password was set dependent on group (eg. staff 90 
days students 180 days), but as I correctly understud I can have only 
one time of max age of password..... :'(



--
Bartlomiej Solarz-Niesluchowski, Administrator WSISiZ
e-mail: Bartlomiej.Solarz-Niesluchowski at wit.edu.pl
JID: solarz at jabber.wit.edu.pl
01-447 Warszawa, ul. Newelska 6, pokoj 404, pon.-pt. 8-16, tel. 228369253
Motto - Jak sobie poscielisz tak sie wyspisz