[Samba] Samba Password Expiry Date

Matthias Spork hallo at matthiasspork.de
Thu Jun 2 08:04:47 GMT 2005


Hello,

 > so, i am seeking the solution making the password expiry feature
 > avaiable in my pdc. FYI, i am using FC2, samba 3.0.3-5. thanks.

the password expires in Unix and Samba.

Samba does all changes for itself. You can set password-age to 60 days 
by typing:

#> pdbedit -P "maximum password age" -C 5007600

For Linux you have to change "shadowlastchange" in LDAP. I wrote a 
script for this:

smb.conf:
#---------------------------------------------------------
unix password sync = yes
passwd program = /etc/samba/scripts/ldap_userPassword_change %u
passwd chat = *New*password* %n\n *new*password* %n\n *Success*
#---------------------------------------------------------

/etc/samba/scripts/ldap_userPassword_change:
#---------------------------------------------------------
#!/bin/sh

LDAP_SERVER="ldapserver"
LDAP_USER="uid=userPassChange,o=mydomain,c=com"
LDAP_PASS="secret"
LDAP_PASSWD="/usr/bin/ldappasswd"
LDAP_MODIFY="/usr/bin/ldapmodify"

#DN of User
USER_DN="uid=$1,ou=users,o=mydomain,c=com"

#Get Date
TS=`date +%s`
SLC="$(($TS/24/3600))"

#-> MODIFY userPassword
$LDAP_PASSWD -x -h $LDAP_SERVER -D $LDAP_USER -w $LDAP_PASS -S $USER_DN

#-> MODIFY shadowlastchange
if [ $? -eq 0 ]; then
echo "dn: $USER_DN
changetype: modify
replace: shadowLastChange
shadowLastChange: $SLC" | $LDAP_MODIFY -x -h $LDAP_SERVER -D $LDAP_USER 
-w $LDAP_PASS >/dev/null 2>&1
fi

exit
#---------------------------------------------------------

kind regards
Matthias


Hiu Yen Onn schrieb:
> Hi,
> 
> i have configured a Samba PDC based on idealx.org.
> now, whenever i set the sambaMustChangePassword flag to 0, then
> from the subsequent logon, there is a popup urge me for changing password.
> now, the problem is after i have changed the password, the 
> sambaMustChangePassword
> is set to 2147483647(unix timestamp), which if i converted it into human 
> readable format, it will be  2038 year, bla..bla..and bla second. it is 
> really unbelieveable that my password will be lasted until year 2038 
> year??? i have looked thoroughly on the internet resources, some 
> mentioning about on defaultMaxPasswordAge flag. I think i have set it to 
> 55 (actually, i dunno whether what is the quantity representing, day?? 
> time??). but, i have no point to make it works.
> 
> so, i am seeking the solution making the password expiry feature 
> avaiable in my pdc. FYI, i am using FC2, samba 3.0.3-5. thanks.
> 
> Cheers,
> yenonn


More information about the samba mailing list