[Samba] Samba PDC+LDAP: Account restrictions

Andrew Bartlett abartlet at samba.org
Tue Oct 29 22:02:00 GMT 2002

Yura Pismerov wrote:
> "Bradley W. Langhorst" wrote:
> >
> > On Tue, 2002-10-29 at 12:37, h g wrote:
> > > Hi,
> > >
> > > I have a Samba PDC with LDAP, How to set user's
> > > password to be expired automatically after 186 days.
> > > Also, how to enforce password rules such as at least 6
> > > characters?
> > not currently possible in samba2
> "min passwd length" works in 2.2.x though.
> As for the LDAP password aging... You can also look at Kerberos as the
> password backend for LDAP. Kerberos has his own password aging mechanism
> that works perfectly. Not to mention that it does much more sense to
> store passwords in a system that was initially (unlike LDAP) designed
> for that purpose.

Won't work for NTLM passwords.  However, with LDAP in Samba 3.0 we do
honer the password expiry, and the account policy tdb allows us to set
when they should expire.

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

More information about the samba mailing list