[Samba] Gurus please clear the password expiration and must change issue in SAMBA PDC

Viktor Posta viktor_posta at hu.ibm.com
Mon Apr 22 14:41:05 GMT 2002 

Hello Everyone !

I trying to reach the status on my Samba PDC when it is able to send the
correct commands to the windows client when the password expired or when it
is manually forced to change the password !

The suggestions was that you can do it with LDAP...

I've learnt what is LDAP how it works... , and slowly I've prepared my
Samba with an LDAP backend, it is working !

Then on the OPenLDAP list I've got a feedback that the OpenLDAP in the
current version (2.0.23) is not able to handle all the time stamps except
the Last Change now  value. The result is that If I set the Password must
change on the user account, then it stays in that state until I don't
change it back manually, it doesn't matter that the user has changed the
password, next logon he can logon with the new passsword but he get the
Password must change prompt again !

-----------------

I've played with PAM, I cannot say that I understand it well, I'm trying...
but am I right that is it possible to force the Samba to use the Unix
Passwords for autenthication with the help of PAM, and in this case if I
set on the Unix account that the password expired (usermod -e ) then
through PAM the Samba can handle this correctly ?

I've discovered the last few month's Samba List archive, and I see that
this Password Expiration question raised week by week and almost all of the
questions stayed in open state because the Gurus are always give info that
how to do it (which is very good, and really thank you), but they think
that who asked the question is an Expert in LDAP, PAM and Samba, but come
on it is not true !

So it would be very good to clear this question, or make a 2-3 pages how-to
with the main points of this !

I think lot of Administrators are  fighting with this question, including
me too !

Sorry if I was a bit long, but I'm pissed off a bit because I've spent to
much time to solve this, and I always went into some impasse !

Just One question at the end, does anybody know somebody who has a Working
Samba PDC with this Function ?

Thanks in advance if anybody answer some real solution on this problem !

Best Regards !

Viktor Posta

More information about the samba mailing list