[Samba] Forcing password changes using SAMBA as PDC

Andrew Bartlett abartlet at samba.org
Mon Jul 28 23:19:14 GMT 2003

On Tue, 2003-07-29 at 04:50, Andreas wrote:
> On Tue, Jul 15, 2003 at 11:58:07AM +0000, Andrew Bartlett wrote:
> > This works directly in Samba 3.0 (as in, Samba enforces this itself).
> > 
> > IN Samba 2.2, you configure PAM for terminal logins, then set 'obey pam
> > restrictions = yes' (on a PAM enabled build, naturally) and make the same 
> > config in /etc/pam/samba.
> (old message, I know, sorry)
> But using PAM would require one to disable encrypted passwords, right?

No.  You may still use PAM's account-control functionality even if you
don't use it for passwords.  Consider how SSH still asks PAM about
disabled accounts, even when the login is with a key.

> Put in another way, is it possible with current samba 2.2, and encrypted
> passwords, to force a windows client to change password upon first login? 
> Or periodically?

It is.  (For domain logon clients, NT4 or above).

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20030728/af691521/attachment.bin

More information about the samba mailing list