samba4 and password expiration

Scott Lovenberg scott.lovenberg at
Mon Sep 29 03:25:23 GMT 2008

Andrew Bartlett wrote:
> On Thu, 2008-09-25 at 23:40 +0400, Matthieu Patou wrote:
>> On 25.09.2008 21:20, Andrew Bartlett wrote:
>>> On Thu, 2008-09-25 at 21:14 +0400, Matthieu Patou wrote:
>>>> Dear all,
>>>> It seems that the current password expiration for samba4 is around 42
>>>> days. Is there a way to change this value (parameter in smb.conf, ldb
>>>> file or even recompilation)?
>>> This would be by setting the maxPwdAge in the domain DN, or the
>> Exactly ... found it, it can be modified with ldbedit -H users.ldb and 
>> it must be in tenths of a microsecond and a negative number.
>>> UF_DONT_EXPIRE_PASSWD flag onto the user (using the setup/setexpiry)
>>> tool.
>> I didn't know about this but I know that it is possible through the AD 
>> manager of Microsoft (as spotted in the Samba Wiki).
>> It seems that with a Windows 2003/2008 server you can do this through 
>> global policy editor; is it planned to do something that either replaces 
>> this tool or (as it is still useful for defining policies for the 
>> workstations) to read the files into var/locks/policies and replicate 
>> the change into samba's ldap?
> One of the big tasks remaining is to create a tool capable of applying
> the Group Policy definitions to Samba itself, rather than just to
> clients.
> It would be good to also have a non-Microsoft Group Policy editor.
You mean a front end strictly to the DS?  Or an editor that abstracts 
Group Policy from Samba semantics, but only supports options common to 
both AD and Samba4?

I've messed about with Apache Directory Studio a bit.  It's Eclipse-based, 
Apache v2.0 licensed (not sure if that's a deal breaker right out of the 
gates), extensible and cross-platform (Java).  Could be a starting 
point.  Just an idea.
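
The maxPwdAge encoding mentioned in the quoted thread (a negative count of tenths of a microsecond), as an added example that is not part of the original messages or of Samba's code. The domain DN is a placeholder, and treating 0 and -2^63 as "never expires" is the Active Directory convention, assumed here rather than stated in the thread.

```python
from datetime import timedelta

TICKS_PER_SECOND = 10_000_000   # one tick = 100 ns = a tenth of a microsecond
SECONDS_PER_DAY = 86_400
NEVER = -(2 ** 63)              # assumed AD convention: passwords never expire


def days_to_max_pwd_age(days):
    """Encode a password lifetime in days as a maxPwdAge value (negative ticks)."""
    if days <= 0:
        raise ValueError("lifetime must be positive; use NEVER to disable expiry")
    return -int(days * SECONDS_PER_DAY * TICKS_PER_SECOND)


def max_pwd_age_to_timedelta(value):
    """Decode a maxPwdAge value; returns None when passwords never expire."""
    value = int(value)
    if value == 0 or value == NEVER:
        return None
    if value > 0:
        # A positive value is the usual mistake: the sign was forgotten.
        raise ValueError("maxPwdAge must be stored as a negative number")
    return timedelta(microseconds=(-value) // 10)


def ldif_modify(domain_dn, days):
    """Build an LDIF modify record that sets maxPwdAge on the domain DN."""
    return (
        f"dn: {domain_dn}\n"
        "changetype: modify\n"
        "replace: maxPwdAge\n"
        f"maxPwdAge: {days_to_max_pwd_age(days)}\n"
    )


if __name__ == "__main__":
    # The roughly 42-day default mentioned in the thread, decoded and re-encoded.
    print(max_pwd_age_to_timedelta(-36288000000000))
    # Placeholder DN; substitute the real domain DN before applying.
    print(ldif_modify("DC=example,DC=com", 90))
```

The generated record can be reviewed and then applied against the same database the thread edits with ldbedit.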
