[Samba] Samba3, ldap and password expiry

Adam Tauno Williams awilliam at whitemice.org
Tue Jul 12 21:30:35 GMT 2005


> New users setup ok and first logon password change works.  Because of
> HIPAA we need the passwords to change every 30 days however this isn't
> happening. 
> I thought that I had this working once upon a time while I was testing
> and getting ready for production but somewhere along the line I must've
> changed something.  At any rate we're moving into production (3
> departments so far!) and this has come to my attention.

Have you tried setting a password change policy via pdbedit?

> Other relevant data:
> ldapsearch -x -b "dc=hrh,dc=org" "(ObjectClass=*)"
> >current_ldapsearch.txt   and looking up my account shows:
> # jslittl, People, hrh.org
> dn: uid=jslittl,ou=People,dc=hrh,dc=org
> objectClass: top
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: sambaSamAccount
> cn: jslittl
> sn: jslittl
> uid: jslittl
> uidNumber: 1004
> homeDirectory: /home/jslittl
> loginShell: /bin/bash
> gecos: System User
> sambaSID: S-1-5-21-1418864132-1159184377-506600700-3008
> description: domain admin
> sambaKickoffTime: 0
> sambaPasswordHistory:
> 00000000000000000000000000000000000000000000000000000000
>  00000000
> sambaLogonHours: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> sambaAcctFlags: [U          ]
> gidNumber: 512
> sambaPrimaryGroupSID: S-1-5-21-1418864132-1159184377-506600700-512
> sambaPwdMustChange: 2147483647

This is way more than 30 days into the future.

> sambaPwdCanChange: 1116358396
> sambaPwdLastSet: 1116358396
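An added example, not part of the original thread or of Samba: a Python check that reads LDIF like the entry quoted above and compares sambaPwdMustChange with sambaPwdLastSet against the 30-day requirement. The second entry, its uid and the function names are constructed for illustration.

```python
MAX_AGE_DAYS = 30        # policy stated in the thread
TIME_T_MAX = 2**31 - 1   # 2147483647, largest signed 32-bit time value

# jslittl: values from the quoted ldapsearch output; second entry is constructed.
SAMPLE_LDIF = """\
dn: uid=jslittl,ou=People,dc=hrh,dc=org
uid: jslittl
sambaPasswordHistory: 00000000
 00000000
sambaPwdMustChange: 2147483647
sambaPwdLastSet: 1116358396

dn: uid=constructed,ou=People,dc=hrh,dc=org
uid: constructed
sambaPwdMustChange: 1118950396
sambaPwdLastSet: 1116358396
"""

def parse_ldif(text):
    """Return one dict (attribute -> list of values) per entry."""
    entries, current, last = [], {}, None
    lines = [l for l in text.splitlines() if not l.startswith("#")]
    for raw in lines + [""]:                # trailing "" flushes the last entry
        if not raw.strip():                 # blank line ends an entry
            if current:
                entries.append(current)
            current, last = {}, None
        elif raw.startswith(" ") and last:  # folded continuation line
            current[last][-1] += raw[1:]
        else:
            name, _, value = raw.partition(":")
            last = name.strip()
            current.setdefault(last, []).append(value.strip())
    return entries

def audit(entries, max_age_days=MAX_AGE_DAYS):
    """Map uid -> (status, days between last set and forced change)."""
    findings = {}
    for e in entries:
        if "sambaPwdLastSet" in e and "sambaPwdMustChange" in e:
            must_change = int(e["sambaPwdMustChange"][0])
            days = (must_change - int(e["sambaPwdLastSet"][0])) / 86400
            status = ("never-expires" if must_change >= TIME_T_MAX
                      else "exceeds-policy" if days > max_age_days else "ok")
            findings[e.get("uid", ["?"])[0]] = (status, days)
    return findings

if __name__ == "__main__":
    print(audit(parse_ldif(SAMPLE_LDIF)))
```

Feeding it the saved output of the ldapsearch command from the thread lists every account whose forced-change time lies further out than the policy allows.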