[Samba] Samba 3 LDAP password policies

Stefan Schmitz stevie-s at gmx.de
Fri Oct 6 14:38:19 GMT 2006

Hi List,

I hope sombody can give a Solution for the following behaviour:

First the environment:

One Samba 3.0.23b PDC with LDAP Backend (OpenLDAp 2.3)
Another Samba 3.0.23b BDC with replicated LDAP Backend (OpenLDAP 2.3)
Account policies set in LDAP and importet on both Samba PCs by pdbedit
-y -i ldapsam as follows (working almost fine at least for password
history, min length and bad logon attempt):

min password length		=> 7
password history		=> 3
maximum password age		=> 7776000 i.e. 90 days
minimum password age		=> 86400   i.e. 1 day

Now the behaviour:

If I set the password as admin with smbpasswd the parameters password
must change, password last change and password can change are set to the
correct values according to the above policies. No I want the user to be
able to change his password on the same day so I changed the password
can change parameter, but if a user wants to change his password it
doesn't matter wich value is set in password can change. The first date
a user may change his password is:

<password last changed> + <minimum password age>

Is the parameter password can change just informational?

Kind regards


More information about the samba mailing list