[Samba] Forcing Password Changes

Wed Nov 30 14:18:07 GMT 2005

which backend are you running?
it´s fairly easy with openldap and some scriping

cheerz

Michael Barnes wrote:
> I'm using samba-3.0.10-1.4E.2
> 
> I found how to change the maximum age,
> [root][WRN3:~]> pdbedit -P "maximum password age" -C 180
> account policy value for maximum password age was 90
> account policy value for maximum password age is now 180
> 
> But I still can't seem to change anything in the individual user 
> parameters.
> 
> Also, I see that the bad password counter does not increment when the 
> user fails to log in.  I purposefully used about ten bad passwords in a 
> row and nothing showed up in "pdbedit -L -v <user>".
> 
> Michael
> 
> 
> Craig White told me on 11/17/2005 14:05:
> 
>> On Thu, 2005-11-17 at 13:46 -0600, Michael Barnes wrote:
>>
>>> Actually two issues on this subject.  Migrating to a new system. 
>>> First, I want to set all accounts so when the user logs in the first 
>>> time, he is asked to set a new password.
>>>
>>> Second, I need to have passwords expire and require a change every 3 
>>> months.
>>>
>>> As I understand it, First, I need to set "Password must change: " to 
>>> '0'.  For the second one, I need to set the maximum password age.
>>>
>>> I am using the tdbsam password backend.  The command I found to reset 
>>> the password was "pdbedit --pwd-must-change-time=0 -u <user>".  When 
>>> I run this, I get a response of "<user>:507:<Real Name>".  However, 
>>> after looking at it with "pdbedit -L -v <user>"  Nothing changes.
>>>
>>> I also cannot find anywhere to change the password maximum age.
>>>
>>> Ideas appreciated.
>>
>>
>> ----
>> samba version?  As I recall, this wasn't implemented immediately in
>> Samba 3.0.0 but somewhere down the road.
>>
>> Craig
>>
>>

-- 
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT)
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137