[Samba] Samba 3 LDAP password policies

Cybionet cybionet at videotron.ca
Fri Oct 6 23:35:12 GMT 2006

Greeting Stefan,

I have the same result. The 'Password can change' don't have any effect.

> Hi List,
> I hope sombody can give a Solution for the following behaviour:
> First the environment:
> One Samba 3.0.23b PDC with LDAP Backend (OpenLDAp 2.3)
> Another Samba 3.0.23b BDC with replicated LDAP Backend (OpenLDAP 2.3)
> Account policies set in LDAP and importet on both Samba PCs by pdbedit
> -y -i ldapsam as follows (working almost fine at least for password
> history, min length and bad logon attempt):
> min password length		=> 7
> password history		=> 3
> maximum password age		=> 7776000 i.e. 90 days
> minimum password age		=> 86400   i.e. 1 day
> Now the behaviour:
> If I set the password as admin with smbpasswd the parameters password
> must change, password last change and password can change are set to the
> correct values according to the above policies. No I want the user to be
> able to change his password on the same day so I changed the password
> can change parameter, but if a user wants to change his password it
> doesn't matter wich value is set in password can change. The first date
> a user may change his password is:
> <password last changed> + <minimum password age>
> Is the parameter password can change just informational?
> Kind regards
> Stefan

More information about the samba mailing list