[Samba] Enforcing Password Policies...

Matt Anderson sokkerstud_11 at hotmail.com
Wed Aug 8 18:17:52 GMT 2007


Dear Help,

I'm currently running Samba with an LDAP passdb backend.  I'm trying to figure
out how to NOT allow a particular user to change their password (through
Windows, or any interface).  I've tried modifying the values for
sambaPwdCanChange and sambaPwdMustChange for a particular user, but it seems
like it only effects making them change their password, instead of whether or
not they're ALLOWED to.

Secondly, I've used pdbedit to edit the lockout policies when using a bad
password ("lockout duration" = 30, "bad lockout attempt" = 5" and "reset count
minutes" = 30).  When I type in the wrong password 5 times for a user, it locks
the account as it should.  However, 30 minutes later (or more) it's still locked
and the bad attempt count is not being reset.  Is there something else I need to
modify to make this functionality work?

Any help would be most appreciated.  Thank you!

-Matt



More information about the samba mailing list