[Samba] Can samba ensure that a user did not enter the previous password when password expired?

Matt Ingram mingram at cbnco.com
Tue Mar 28 16:59:06 GMT 2006

you need to setup some password policies.. I was just playing with this 
a couple days ago.. seems to work very nicely  :)

It stores all the information in the LDAP Entry for the Domain 

anyway.. here's the link I learnt from:


specifically, you need to set the "password history" setting.

I don't think you can just modify the entries in ldap.. I think you have 
to use pdbedit, as stated on the document..

good luck :)

Jan Stavel wrote:
> Hello,
> I have working PDC with ldap
>  samba                         3.0.21c-1
> I try to force users change their password by setting password
> expiration. It works - the samba asks a user to change his password.
> But user can set value of the password to the previos one and system
> accepts it - at the end no change was made :-)
> Can samba check whether user really changed value of his password?
>  I tried to change password format from SSHA to SHA (it can be checked)
> but no
>  result.
>  Thanks for advice,
>  Jan Stavel

Matt Ingram
Intermediate Unix Administrator, IS
Canadian Bank Note Company, Limited

More information about the samba mailing list