samba4 and password expiration

Andrew Bartlett abartlet at
Fri Oct 17 05:18:04 GMT 2008

On Thu, 2008-09-25 at 23:40 +0400, Matthieu Patou wrote:
> On 25.09.2008 21:20, Andrew Bartlett wrote:
> > On Thu, 2008-09-25 at 21:14 +0400, Matthieu Patou wrote:
> >> Dear all,
> >>
> >> It seems that the current password expiration for samba4 is around 42
> >> days is there a way to change this value (parameter in smb.conf, ldb
> >> file or even recompilation) ?
> >
> > This would be by setting the maxPwdAge in the domain DN, or the
> Exactly ... found it, it can be modified with ldbedit -H users.ldb and 
> it must be in tenth of microsecond and negative number.
> > UF_DONT_EXPIRE_PASSWD flag onto the user (using the setup/setexpiry)
> > tool.
> I didn't know about this but I know that it is possible through the AD 
> manager of Microsoft (as spotted in the Samba Wiki).
> It seems that with a Windows 2003/2008 server you can do this through 
> global policy editor, is it plan to do something that either replace 
> this tool or (as it is still usefull for defining policies for the 
> workstations) to read the files into var/locks/policies and replicate 
> the change into samba's ldap ?

That's pretty much the idea - Samba clearly needs to be a group policy
client at some point (soon).

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team 
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list