[Samba] Modifying password expiry dates

Andrew Bartlett abartlet at samba.org
Wed Oct 1 10:18:39 GMT 2003

On Wed, 2003-10-01 at 00:58, Damian Gerow wrote:
> I've just found out that Samba (rather correctly) implements a nice and low
> password expiry date through the tdbsam backend, and I believe the "maximum
> password age" value.
> However, I can't, for the life of me, actually /set/ this thing.  I've tried
> this:
>     # pdbedit -u <username> -r -P "maximum password age" -C 100

If you got the syntax right, this would set the maximum password age
'policy' to 100 seconds.   There is no way to set the 'expiry time' for
a particular password.

> We're running Samba 3.0b3, if that makes a difference.

It does - if you upgrade to 3.0.0 release, and delete the
account_policy.tdb, you will get no password expiry by default.  Then
you can reset the policy to whatever you like (hint: pdbedit -P "maximum
password age -C 1000000 ), and then change all the password that are now

For the timebeing, the ldapsam backend remains the best for allowing
arbitary control of these details.

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20031001/89569aa5/attachment.bin

More information about the samba mailing list