[Samba] Re: Enforcing Password Policies...
Matt Anderson
sokkerstud_11 at hotmail.com
Wed Aug 8 20:22:36 GMT 2007
> The problem is that he can still modify its LDAP password.
> You could add acls to your slapd.conf such that only your
> ldap admin dn has write acces to the userPassword attribute.
> In this case the only way to change the password is via samba.
>
> HTH,
> Thierry.
>
Hi Thierry,
Modifying SambaPwdCanChange did help... but for some reason I can't set the date
to more than 30 (or so) years in the future--not that I need more than that, I
just thought it was interesting. BTW- I'm using eDirectory as the backend,
which seems to be blocking Windows users OK. So thanks for your help on that.
Anyone with any thoughts one why the account lockout isn't clearing?
Thanks!
-Matt
More information about the samba
mailing list