[Samba] password expiration

Bob Hemedinger rhemedinger at yahoo.com
Fri Dec 6 12:43:01 GMT 2002 

I'd be interested in knowing more about how you did
this also.

--- Jim Morris <Jim at Morris-World.com> wrote:
> On Tuesday, December 3, 2002, at 01:46  PM,
> <dan at essensys.com> wrote:
> 
> > 1) Does Samba now fully support password
> expiration?  (I can get it to 
> > pop
> > up a message on the windows client that the
> password is about to 
> > expire, but
> > it keeps letting me log on)
> 
> Samba does not directly support password expiration
> (at this time 
> anyway). It indirectly can support it via PAM on
> Linux, Solaris or 
> other PAM enabled systems. In these cases, by
> setting 'obey pam 
> restrictions = yes' in your smb.conf file, you can
> have Samba obey any 
> expiration settings on the user accounts, which you
> have setup in the 
> Unix password database.
> 
> That said, my experience in implementing this for a
> large site recently 
> is that you will NOT get any sort of password
> expiration dialog at the 
> Windows clients. What happens is that you either can
> login, or you 
> cannot. Once the password has expired, you can no
> longer logon to the 
> domain or the Samba server.  No explanation is given
> - it is as if you 
> keyed in a bad password.
> 
> > 2) How do I get it to change password from the
> "password is expiring"
> > dialog? (I can change the password from the
> "change password" button in
> > windows, but when I say I want to change it from
> the "password about to
> > expire" message, I aways get "can't change
> password because domain is
> > unavailable"
> 
> I think I addressed this already - Samba is not what
> displays this 
> dialog on the Windows client.
> 
> The solution I ultimately implemented in order to
> meet a new 60-day 
> password expiration policy was to implement a web
> page which is invoked 
> by the Windows logon script if the user is within
> the 'warning' period 
> configured in the Unix password database.  7 days
> for example. During 
> that period, a web page will be invoked by the logon
> script, telling 
> the user their password is about to expire in x
> days, and giving them a 
> link to a URL on the Samba server itself, where they
> can change their 
> password.
> 
> I guess maybe I could put something together like a
> HOWTO on this topic 
> if it sounds useful to others. It took a few days to
> peice together a 
> solution....
>   --
> Jim Morris (Jim at Morris-World.com)
> 
> -- 
> To unsubscribe from this list go to the following
> URL and read the
> instructions: 
http://lists.samba.org/mailman/listinfo/samba


__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com

More information about the samba mailing list