[Samba] password aging in Samba 3

Kurt Bechstein kurt at uniqsys.com
Tue Jun 21 15:26:07 GMT 2005

On Tue, 2005-06-21 at 09:13 -0600, John H Terpstra wrote:
> On Tuesday 21 June 2005 09:03, Kurt Bechstein wrote:
> > Ok, I'm rigging myself up a Samba 3 PDC for a variety of Windows
> > clients.  Anything from 98 on up to XP and everything in between.  For
> > the most part it hasn't been a big deal.  I've got a couple of questions
> > I want to run by the list and see if anyone has figured this one out.
> >
> > My first question is about the [profiles] share.  Is this share really
> > needed?  The documentation never really comes out and says it.  I'm not
> > setting up roaming profiles so I'm assuming I won't need it.
> If you are not using roaming profiles you do NOT need a profiles share. There! 
> I've said it!

Ok, thanks!

> >
> > The next question is about password aging.  I have a client that would
> > like to have the user have to reset their password after 60 days.  I've
> > seen some inklings online of being able to do this with pdbedit, but the
> > documentation seems non-existent at best on how to do this.  Maybe this
> > is also doable with a policy setup.  I haven't actually tried that one
> > yet so if that works just let me know and I'll dig into that.  Thanks in
> > advance.
> You can use either the NT4 Domain User Manager to manage all aspects of your 
> user and group accounts, or you can use pdbedit from the command line.

I've tried using the NT4 Domain Manager in conjunction with the tdbsam
backend but haven't had any luck as far as password aging goes.  It
doesn't seem to be making any changes, at least as far as pdbedit -L -v
goes.  Also, I've tried to change the max password age via pdbedit -P
"max password age" -C ????.  However, according to M$'s documentation
this value is stored from 1-999 but this doesn't look like what the tdb
file is storing.  What type of parameter do I need to pass to pdbedit to
enforce a 60 day password expiration?  I'm doing this on Red Hat
Enterprise 4 by the way.  Thanks in advance.

> I am in the process of completing the second edition of the Samba-3 HOWTO.
> Apologies that it has not been done faster. I've been working full-time on the
> documentation since January 2005.

This will be excellent.  I've had my nose buried in the first edition
for the last couple of days and it has been very helpful.  
