[Samba] sambaDomain Policies Implemented?

eric roseme eroseme at emonster.rose.hp.com
Tue Aug 21 17:11:05 GMT 2007



Are the sambaDomain account policies sambaLogonToChgPwd and 
sambaRefuseMachinePwdChange implemented on 3.0.22 to 3.0.25b?

First, even with "passdb backend = ldapsam:ldap://...." pdbedit actually 
edits account_policy.tdb for these two attributes.

Second, despite the attribute value (0, 1, or 2 using ldapmodify), XP 
client (also smbclient) logon behavior is unchanged.  I looked
through the code in account_pol.c and it does not appear that Samba 
tests the values for these attributes - like they are not implemented. I 
am not a coder so I got a second opinion from someone who is.

Thanks,

Eric Roseme
Hewlett-Packard

System stuff:
HP-UX 11.11 and HP-UX 11.23
Samba 3.0.22 and Samba Opensource 3.0.25b
Red Hat Directory Server 7.1

smb.conf

[global]
         workgroup = SAMBAATC
         netbios name = SAMBAPDC
         server string = Samba Server
         interfaces = xx.xx.xx.xxx, 127.0.0.1
         bind interfaces only = yes
         encrypt passwords = Yes
         passdb backend = ldapsam:ldap://SAMBAPDC.rose.hp.com
         log level = 10
         syslog = 0
         log file = /var/opt/samba/log.%m
         max log size = 1000
         domain logons = Yes
         preferred master = Yes
         domain master = Yes
         ldap server = SAMBAPDC.rose.hp.com
         ldap suffix = dc=rose,dc=hp,dc=com
         ldap group suffix = ou=Groups
         ldap user suffix = ou=People
         ldap admin dn = cn=Directory Manager
         read only = No
         short preserve case = No
         dos filetime resolution = Yes


More information about the samba mailing list