[Samba] Re: Password expiry for samba & posix accounts in LDAP

Jamrock news_jamrock at yahoo.com
Sat Aug 19 00:01:33 GMT 2006

"Plant, Dean" <dean.plant at roke.co.uk> wrote in message 
news:2181C5F19DD0254692452BFF3EAF1D6802671911 at rsys005a.comm.ad.roke.co.uk...
Can someone install some confidence in me that the way I am dealing with
syncing password expiry dates between Samba and Posix accounts in LDAP
is correct.

The question has come up on the list a couple of times but the answer,
using "unix password sync = Yes" and changing the ShadowLastChange LDAP
attribute via an external script seems rather clunky. Is this really the
correct way to do it, when only allowing changing of passwords via
Windoze? or am I missing something obvious that enables this to be done
within the Samba/OpenLDAP configuration.



We have used a single Openldap directory to authenticate Samba, qmail and 

We add the line

ldap passwd sync = yes

to our smb.conf file.

When the users change their Windows passwords from a Windows workstation, 
the Samba and ldap passwords are both changed.

More information about the samba mailing list