[Samba] Can samba ensure that a user did not enter the previous password when password expired?

Matt Ingram mingram at cbnco.com
Tue Mar 28 16:59:06 GMT 2006


you need to setup some password policies.. I was just playing with this 
a couple days ago.. seems to work very nicely  :)

It stores all the information in the LDAP Entry for the Domain 
(sambaDomainName=yourdomain)

anyway.. here's the link I learnt from:

http://searchopensource.techtarget.com/tip/1,289483,sid39_gci1152805,00.html?bucket=ETA 


specifically, you need to set the "password history" setting.

I don't think you can just modify the entries in ldap.. I think you have 
to use pdbedit, as stated on the document..

good luck :)


Jan Stavel wrote:
> Hello,
> I have working PDC with ldap
>
>  samba                         3.0.21c-1
>
> I try to force users change their password by setting password
> expiration. It works - the samba asks a user to change his password.
>
> But user can set value of the password to the previos one and system
> accepts it - at the end no change was made :-)
>
> Can samba check whether user really changed value of his password?
>
>  I tried to change password format from SSHA to SHA (it can be checked)
> but no
>  result.
>
>  Thanks for advice,
>  Jan Stavel
>

-- 
Matt Ingram
Intermediate Unix Administrator, IS
Canadian Bank Note Company, Limited
\m/



More information about the samba mailing list