[Samba] Hows samba calculating sambaPwdMustChange?

[Rauno Tuul]

Hi,

In latest samba 3 there is a policy setting option:

$ pdbedit -P "maximum password age" -C 7776000

When user changes password, then new sambaPwdMustChange will be calculated
based on policy. My policy is 90 days. works just fine.
2147483647 is just a value in far future (year 2030 or something), meaning
that user doesn't have to change his password.


Another way is to set value in smbldap-tools (latest version needed
(included in samba 3.0.1 package).
smbldap_conf.pm

# Default password validation time (time in days) Comment the next line if
# you don't want password to be enable for $_defaultMaxPasswordAge days (be
# careful to the sambaPwdMustChange attribute's value)
$_defaultMaxPasswordAge = 90;
When using 'smbldap-passwd.pl username' password will be changed and needed
sambaPwdMustChange will be set.

Third way is to change value manually in LDAP base with ldap-modify.

Regards,

 Rauno

> -----Original Message-----
> From: Beast [mailto:indorama at rad.net.id]
> 
> When samba password has been expired, user are force to 
> change their password from client WS. 
> Samba will modify sambaPwdMustChange attribute and the value 
> seems always "2147483647", this not happen when changin 
> password with smbpasswd.
> 
> >From where samba calculate value for "sambaPwdMustChange"? 
> is it constant?
> Is it possible to specify different value?