samba4 and password expiration

Matthieu Patou mat at
Thu Sep 25 19:40:43 GMT 2008

On 25.09.2008 21:20, Andrew Bartlett wrote:
> On Thu, 2008-09-25 at 21:14 +0400, Matthieu Patou wrote:
>> Dear all,
>> It seems that the current password expiration for samba4 is around 42
>> days is there a way to change this value (parameter in smb.conf, ldb
>> file or even recompilation) ?
> This would be by setting the maxPwdAge in the domain DN, or the
Exactly ... found it, it can be modified with ldbedit -H users.ldb and 
it must be in tenth of microsecond and negative number.

> UF_DONT_EXPIRE_PASSWD flag onto the user (using the setup/setexpiry)
> tool.
I didn't know about this but I know that it is possible through the AD 
manager of Microsoft (as spotted in the Samba Wiki).

It seems that with a Windows 2003/2008 server you can do this through 
global policy editor, is it plan to do something that either replace 
this tool or (as it is still usefull for defining policies for the 
workstations) to read the files into var/locks/policies and replicate 
the change into samba's ldap ?


More information about the samba-technical mailing list