[Samba] Problems with password policy in Samba 3.0.4
Jonathan Johnson
jon at sutinen.com
Tue May 11 22:53:00 GMT 2004
Have an issue with password policy in Samba 3.0.4 with tdbsam password
backend on RedHat 8.0. This issue was observed with an up-to-date
Windows XP client, NT's SRVTOOLS on Windows 2000.
I can set password policy (expiration, length, etc.) using usrmgr.exe
from the Windows NT Server Tools. After setting policy, when I execute
'pdbedit -Lv someuser', it does not display the correct "Password Must
Change" UNTIL the user's password is changed, either with smbpasswd or
CTRL-ALT-DEL on the user's workstation.
For example, using usrmgr.exe, I set policy that passwords must expire
in 90 days. I unchecked "Password Never Expires" for the user in
question. When I did 'pdbedit -Lv username', it still showed that the
expiration was Mon Jan 18, 2038. Upon changing the password using
CTRL-ALT-DEL from the user's XP workstation, the password was
successfully changed. Executing 'pdbedit -Lv username' now displays the
correct expiration, 90 days from now.
Likewise, if I set "Password Never Expires" (in usrmgr.exe) for this
user, the pdbedit still displays a password expiration 90 days from
now.
I have not tested to see if the password will expire when policy
demands if the wrong date is displayed in pdbedit.
Another question: is the password expiration date relative to the
system date/time of the Samba server or of the Windows client?
--Jon Johnson
Sutinen Consulting, Inc.
More information about the samba
mailing list