[Samba] Samba PDC+LDAP: Account restrictions
Andrew Bartlett
abartlet at samba.org
Tue Oct 29 22:02:00 GMT 2002
Yura Pismerov wrote:
>
> "Bradley W. Langhorst" wrote:
> >
> > On Tue, 2002-10-29 at 12:37, h g wrote:
> > > Hi,
> > >
> > > I have a Samba PDC with LDAP, How to set user's
> > > password to be expired automatically after 186 days.
> > > Also, how to enforce password rules such as at least 6
> > > characters?
> > not currently possible in samba2
>
> "min passwd length" works in 2.2.x though.
> As for the LDAP password aging... You can also look at Kerberos as the
> password backend for LDAP. Kerberos has his own password aging mechanism
> that works perfectly. Not to mention that it does much more sense to
> store passwords in a system that was initially (unlike LDAP) designed
> for that purpose.
Won't work for NTLM passwords. However, with LDAP in Samba 3.0 we do
honer the password expiry, and the account policy tdb allows us to set
when they should expire.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba
mailing list