[Samba] password expiration
Bob Hemedinger
rhemedinger at yahoo.com
Fri Dec 6 12:43:01 GMT 2002
I'd be interested in knowing more about how you did
this also.
--- Jim Morris <Jim at Morris-World.com> wrote:
> On Tuesday, December 3, 2002, at 01:46 PM,
> <dan at essensys.com> wrote:
>
> > 1) Does Samba now fully support password
> expiration? (I can get it to
> > pop
> > up a message on the windows client that the
> password is about to
> > expire, but
> > it keeps letting me log on)
>
> Samba does not directly support password expiration
> (at this time
> anyway). It indirectly can support it via PAM on
> Linux, Solaris or
> other PAM enabled systems. In these cases, by
> setting 'obey pam
> restrictions = yes' in your smb.conf file, you can
> have Samba obey any
> expiration settings on the user accounts, which you
> have setup in the
> Unix password database.
>
> That said, my experience in implementing this for a
> large site recently
> is that you will NOT get any sort of password
> expiration dialog at the
> Windows clients. What happens is that you either can
> login, or you
> cannot. Once the password has expired, you can no
> longer logon to the
> domain or the Samba server. No explanation is given
> - it is as if you
> keyed in a bad password.
>
> > 2) How do I get it to change password from the
> "password is expiring"
> > dialog? (I can change the password from the
> "change password" button in
> > windows, but when I say I want to change it from
> the "password about to
> > expire" message, I aways get "can't change
> password because domain is
> > unavailable"
>
> I think I addressed this already - Samba is not what
> displays this
> dialog on the Windows client.
>
> The solution I ultimately implemented in order to
> meet a new 60-day
> password expiration policy was to implement a web
> page which is invoked
> by the Windows logon script if the user is within
> the 'warning' period
> configured in the Unix password database. 7 days
> for example. During
> that period, a web page will be invoked by the logon
> script, telling
> the user their password is about to expire in x
> days, and giving them a
> link to a URL on the Samba server itself, where they
> can change their
> password.
>
> I guess maybe I could put something together like a
> HOWTO on this topic
> if it sounds useful to others. It took a few days to
> peice together a
> solution....
> --
> Jim Morris (Jim at Morris-World.com)
>
> --
> To unsubscribe from this list go to the following
> URL and read the
> instructions:
http://lists.samba.org/mailman/listinfo/samba
__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com
More information about the samba
mailing list