[Samba] Samba Password Expiry Date
Matthias Spork
hallo at matthiasspork.de
Thu Jun 2 08:04:47 GMT 2005
Hello,
> so, i am seeking the solution making the password expiry feature
> avaiable in my pdc. FYI, i am using FC2, samba 3.0.3-5. thanks.
the password expires in Unix and Samba.
Samba does all changes for itself. You can set password-age to 60 days
by typing:
#> pdbedit -P "maximum password age" -C 5007600
For Linux you have to change "shadowlastchange" in LDAP. I wrote a
script for this:
smb.conf:
#---------------------------------------------------------
unix password sync = yes
passwd program = /etc/samba/scripts/ldap_userPassword_change %u
passwd chat = *New*password* %n\n *new*password* %n\n *Success*
#---------------------------------------------------------
/etc/samba/scripts/ldap_userPassword_change:
#---------------------------------------------------------
#!/bin/sh
LDAP_SERVER="ldapserver"
LDAP_USER="uid=userPassChange,o=mydomain,c=com"
LDAP_PASS="secret"
LDAP_PASSWD="/usr/bin/ldappasswd"
LDAP_MODIFY="/usr/bin/ldapmodify"
#DN of User
USER_DN="uid=$1,ou=users,o=mydomain,c=com"
#Get Date
TS=`date +%s`
SLC="$(($TS/24/3600))"
#-> MODIFY userPassword
$LDAP_PASSWD -x -h $LDAP_SERVER -D $LDAP_USER -w $LDAP_PASS -S $USER_DN
#-> MODIFY shadowlastchange
if [ $? -eq 0 ]; then
echo "dn: $USER_DN
changetype: modify
replace: shadowLastChange
shadowLastChange: $SLC" | $LDAP_MODIFY -x -h $LDAP_SERVER -D $LDAP_USER
-w $LDAP_PASS >/dev/null 2>&1
fi
exit
#---------------------------------------------------------
kind regards
Matthias
Hiu Yen Onn schrieb:
> Hi,
>
> i have configured a Samba PDC based on idealx.org.
> now, whenever i set the sambaMustChangePassword flag to 0, then
> from the subsequent logon, there is a popup urge me for changing password.
> now, the problem is after i have changed the password, the
> sambaMustChangePassword
> is set to 2147483647(unix timestamp), which if i converted it into human
> readable format, it will be 2038 year, bla..bla..and bla second. it is
> really unbelieveable that my password will be lasted until year 2038
> year??? i have looked thoroughly on the internet resources, some
> mentioning about on defaultMaxPasswordAge flag. I think i have set it to
> 55 (actually, i dunno whether what is the quantity representing, day??
> time??). but, i have no point to make it works.
>
> so, i am seeking the solution making the password expiry feature
> avaiable in my pdc. FYI, i am using FC2, samba 3.0.3-5. thanks.
>
> Cheers,
> yenonn
More information about the samba
mailing list