[Samba] Samba PDC = Expire passwords
Andrew Bartlett
abartlet at samba.org
Mon Jul 26 00:14:09 GMT 2004
On Mon, 2004-07-26 at 02:00, Rafael Paris wrote:
> Hi everyone...
>
> Since I'm running samba I haven't been able to implement pdbedit policies
> like password expiration time, lockout attempts, etc...
> I'm running samba-3.0.5 in RedHat enterprise 3
> I read pdbedit manual
> I also tried to force users to change their password at first logon running
> this command:
> pdbedit -P "user must logon to change password" -C 1
That policy is not only unused by Samba, it would defeat what you want.
> I set the account to last a week for testing purposes only and the minimum
> password age for 3 days.
>
> This is the account information for a user.
>
> [root at xxxxxxxx xxxxxxxx]# pdbedit -c "[L]" -u xxxxxx
> Unix username: xxxxxx
> NT username:
> Account Flags: [U ]
> User SID: S-1-5-21-4146764868-xxxxxxxxx-xxxxxxxxxx-2002
> Primary Group SID: S-1-5-21-4146764868-xxxxxxxxx-xxxxxxxxxx-512
> Full Name: Antonio Prado
> Home Directory: \\xxxxxxxx\aprado
> HomeDir Drive:
> Logon Script: aprado.bat
> Profile Path:
> Domain: CASINO
> Account desc:
> Workstations:
> Munged dial:
> Logon time: 0
> Logoff time: lun, 18 ene 2038 23:14:07 GMT
> Kickoff time: lun, 18 ene 2038 23:14:07 GMT
> Password last set: dom, 11 jul 2004 13:21:16 GMT
> Password can change: dom, 11 jul 2004 13:21:16 GMT
> Password must change: lun, 18 ene 2038 23:14:07 GMT
If this is set to 0, then it the 'must change at first logon' is
flagged.
Andrew Bartlett
--
Andrew Bartlett abartlet at samba.org
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040726/a58e577a/attachment.bin
More information about the samba
mailing list