[Samba] password aging in Samba 3
John H Terpstra
jht at Samba.Org
Tue Jun 21 17:09:57 GMT 2005
On Tuesday 21 June 2005 09:26, Kurt Bechstein wrote:
> > > The next question is about password aging. I have a client that would
> > > like to have the user have to reset their password after 60 days. I've
> > > seen some inklings online of being able to do with pdbedit, but the
> > > documentation seems non-existent at best on how to do this. Maybe this
> > > is also doable with a policy setup. I haven't actually tried that one
> > > yet so if that works just let me know and I'll dig into that. Thanks
> > > in advance.
> > You can use either the NT4 Domain User Manager to manage all aspects of
> > your user and group accounts, or you can use pdbedit from the command
> > line.
> I've tried using the NT4 Domain Manager in conjunction with the tdbsam
> backed but haven't had any luck as far as password aging goes. It
> doesn't seem to be making any changes at least as far pdbedit -L -v
> goes. Also, I've tried to change the max password age via pdbedit -P
> "max password age" -C ????. However, according to M$'s documentation
> this value is stored from 1-999 but this doesn't look like what the tdb
> file is storing. What type of parameter do I need to pass to pdbedit to
> enforce a 60 day password expiration? I'm doing this on Red Hat
> enterprise 4 by the way. Thanks in advance.
The maximum password age is stored in seconds. 1 day == 86400 seconds
The useful range that matches NT4 capabilities is 86400 - 86313600 sec (999
days). When you set this to never expire in NT4 it sets to 4294967295 sec.
So, 60 days = 5184000
- John T.
John H Terpstra
Phone: +1 (650) 580-8668
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
More information about the samba