[Samba] Samba3, ldap and password expiry

John Little jlittle_97 at yahoo.com
Tue Jul 12 18:12:25 GMT 2005


Hi all!

We are using 1 Samba PDC and 2 bdc (Version
3.0.15pre3-SVN-build-UNKNOWN-PS-SuSE) with openldap2-2.2.6-37.38 on
SLES 9.

New users setup ok and first logon password change works.  Because of
HIPAA we need the passwords to change every 30 days however this isn't
happening. 

I thought that I had this working once upon a time while I was testing
and getting ready for production but somewhere along the line I must've
changed something.  At any rate we're moving into production (3
departments so far!) and this has come to my attention.

Other relevant data:
ldapsearch -x -b "dc=hrh,dc=org" "(ObjectClass=*)"
>current_ldapsearch.txt   and looking up my account shows:
# jslittl, People, hrh.org
dn: uid=jslittl,ou=People,dc=hrh,dc=org
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: jslittl
sn: jslittl
uid: jslittl
uidNumber: 1004
homeDirectory: /home/jslittl
loginShell: /bin/bash
gecos: System User
sambaSID: S-1-5-21-1418864132-1159184377-506600700-3008
description: domain admin
sambaKickoffTime: 0
sambaPasswordHistory:
00000000000000000000000000000000000000000000000000000000
 00000000
sambaLogonHours: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
sambaAcctFlags: [U          ]
gidNumber: 512
sambaPrimaryGroupSID: S-1-5-21-1418864132-1159184377-506600700-512
sambaPwdMustChange: 2147483647
sambaPwdCanChange: 1116358396
sambaPwdLastSet: 1116358396
displayName: little, john
sambaProfilePath: \\hrhdc01\profiles\jslittl

from smbldap-tools.conf:
defaultMaxPasswordAge="30" under the Unix Accounts Configuration
We are using smbldap-tools-0.9.1-1 for this.

Please let me know what else to check/change for this to work.

Regards,
John Little
Hendricks Regional Health
jslittl at hendricks.org


		
____________________________________________________
Sell on Yahoo! Auctions – no fees. Bid on great items.  
http://auctions.yahoo.com/


More information about the samba mailing list