[Samba] Forcing password changes using SAMBA as PDC
Andrew Bartlett
abartlet at samba.org
Mon Jul 28 23:19:14 GMT 2003
On Tue, 2003-07-29 at 04:50, Andreas wrote:
> On Tue, Jul 15, 2003 at 11:58:07AM +0000, Andrew Bartlett wrote:
> > This works directly in Samba 3.0 (as in, Samba enforces this itself).
> >
> > IN Samba 2.2, you configure PAM for terminal logins, then set 'obey pam
> > restrictions = yes' (on a PAM enabled build, naturally) and make the same
> > config in /etc/pam/samba.
>
> (old message, I know, sorry)
>
> But using PAM would require one to disable encrypted passwords, right?
No. You may still use PAM's account-control functionality even if you
don't use it for passwords. Consider how SSH still asks PAM about
disabled accounts, even when the login is with a key.
> Put in another way, is it possible with current samba 2.2, and encrypted
> passwords, to force a windows client to change password upon first login?
> Or periodically?
It is. (For domain logon clients, NT4 or above).
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20030728/af691521/attachment.bin
More information about the samba
mailing list