[Samba] pdbedit and password expiry
Andrew Bartlett
abartlet at samba.org
Mon Feb 9 20:24:45 GMT 2004
On Tue, 2004-02-10 at 03:32, David Wilson wrote:
> Hi guys/girls,
>
> How are you ?
> I've been struggling to get my users' passwords to expire.
> My configuration is samba-3.0 running with the standard smbpasswd
> back-end.
>
> Everything that I can find on the web says I should set the following to
> expire my users passwords after 28 days.:
> pdbedit -v -P 'minimum password age' -C 300
> pdbedit -v -P 'maximum password age' -C 2419200
>
> Unfortunately my users never get prompted for a new password.
>
> When I do a "pdbedit -v -u <username>" all the details come up, however
> what I find interesting is the following:
> Password can change: Wed, 04 Feb 2004 16:59:54 GMT
> Password must change: Fri, 13 Dec 1901 22:45:51 GMT
>
> What ever I try I cannot change the "Password must change:" line.
> Perhaps I've missed something really simple here ?
> Does this feature perhaps require an LDAP back-end ?
Yes, it requires the LDAP backend, and only applies after the password
has been changed (that is, the 'must change time' will not be reset for
current passwords).
We store the 'last change time' for smbpasswd, and could therefore
implement a patch to handle this, but I would prefer to keep smbpasswd
dumb and simple and to push people to the wonderful (horrible) world of
LDAP ;-)
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040210/376fe704/attachment.bin
More information about the samba
mailing list