[Samba] Expire Password -> Which is half the most easy one?

Andrew Bartlett abartlet at samba.org
Wed Mar 5 21:48:10 GMT 2003

On Thu, 2003-03-06 at 03:40, Tiago Cruz wrote:
> Hello lists...
> forgives to be insisting on this subject...  :-(
> I would like to know which I am half the most easy one to obtain to
> expire the passwords of the users of samba... :-)
> "If you set 'obey pam restrictions = yes' and setup the correct PAM
> configuration files, then Samba will also honer this.  You should also
> set 'unix password sync = yes' and 'pam password change yes' so that the
> password changes update the PAM backend too."
> (...)
> "Your two options are to use PAM, or to use Samba 3.0alpha and pdb_ldap.
> In pdb_ldap, you want to set the 'pwdMustChange' attribute to 0." 
> (Andrew Bartlett)
> Good people, would like that they thought which is the way most easy to
> make this for a person who understands of SAMBA but she does not
> understand of LDAP and nor of PAM...
> My net is small simple e (~60 machines) and will only use RH 8,0 for
> server of archives (ok), PDC (ok) and PostgreSQL (ok) in the place of a
> W2K...

It really does come down to 'are you running Samba 3.0 alpha'.  If you
are, then setting things up in LDAP is relatively sane.  If you are
running Samba 2.2, or are using 'unix password sync' anyway, then doing
it via PAM will enforce it for all user logins, not just Samba.

Andrew Bartlett
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20030306/e45b92ac/attachment.bin

More information about the samba mailing list