[Samba] pdbedit and password expiry

Andrew Bartlett abartlet at samba.org
Mon Feb 9 20:24:45 GMT 2004

On Tue, 2004-02-10 at 03:32, David Wilson wrote:
> Hi guys/girls,
> How are you ?
> I've been struggling to get my users' passwords to expire.
> My configuration is samba-3.0 running with the standard smbpasswd
> back-end.
> Everything that I can find on the web says I should set the following to
> expire my users passwords after 28 days.:
> pdbedit -v -P 'minimum password age' -C 300
> pdbedit -v -P 'maximum password age' -C 2419200
> Unfortunately my users never get prompted for a new password.
> When I do a "pdbedit -v -u <username>" all the details come up, however
> what I find interesting is the following:
> Password can change:  Wed, 04 Feb 2004 16:59:54 GMT
> Password must change: Fri, 13 Dec 1901 22:45:51 GMT
> What ever I try I cannot change the "Password must change:" line.
> Perhaps I've missed something really simple here ?
> Does this feature perhaps require an LDAP back-end ?

Yes, it requires the LDAP backend, and only applies after the password
has been changed (that is, the 'must change time' will not be reset for
current passwords).

We store the 'last change time' for smbpasswd, and could therefore
implement a patch to handle this, but I would prefer to keep smbpasswd
dumb and simple and to push people to the wonderful (horrible) world of
LDAP ;-)

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040210/376fe704/attachment.bin

More information about the samba mailing list