[Samba] Forcing Password Changes

Michael Barnes mbarnes at hcjb.org
Thu Nov 17 20:31:24 GMT 2005

I'm using samba-3.0.10-1.4E.2

I found how to change the maximum age,
[root][WRN3:~]> pdbedit -P "maximum password age" -C 180
account policy value for maximum password age was 90
account policy value for maximum password age is now 180

But I still can't seem to change anything in the individual user parameters.

Also, I see that the bad password counter does not increment when the 
user fails to log in.  I purposefully used about ten bad passwords in a 
row and nothing showed up in "pdbedit -L -v <user>".


Craig White told me on 11/17/2005 14:05:
> On Thu, 2005-11-17 at 13:46 -0600, Michael Barnes wrote:
>>Actually two issues on this subject.  Migrating to a new system. First, 
>>I want to set all accounts so when the user logs in the first time, he 
>>is asked to set a new password.
>>Second, I need to have passwords expire and require a change every 3 months.
>>As I understand it, First, I need to set "Password must change: " to 
>>'0'.  For the second one, I need to set the maximum password age.
>>I am using the tdbsam password backend.  The command I found to reset 
>>the password was "pdbedit --pwd-must-change-time=0 -u <user>".  When I 
>>run this, I get a response of "<user>:507:<Real Name>".  However, after 
>>looking at it with "pdbedit -L -v <user>"  Nothing changes.
>>I also cannot find anywhere to change the password maximum age.
>>Ideas appreciated.
> ----
> samba version?  As I recall, this wasn't implemented immediately in
> Samba 3.0.0 but somewhere down the road.
> Craig

More information about the samba mailing list