[Samba] "refuse machine password change" policy

John P Janosik jpjanosi at us.ibm.com
Thu Sep 28 14:28:09 GMT 2006

> We have a PDC and BDC with Samba 3.0.23a and an LDAP backend. The
> "refuse machine password change" policy was set on both (and both
> restarted).
> Computers on that domain seem to ignore the setting, as confirmed both
> by a packet capture and by looking at it in the backend.
> Is the policy fully supported in Samba? Any ideas?
> Thanks!

It has been over a year since I looked at this, but at that time with
3.0.20 this setting only affected what Samba returned when a client asked
what the policy was, Samba did not enforce the policy on the server side.
In my testing clients only honored it and did not try to change their
machine passwords when the policy was set at the time they joined the

John Janosik

More information about the samba mailing list