[Samba] sambaDomain Policies Implemented?
eric roseme
eroseme at emonster.rose.hp.com
Tue Aug 21 16:02:11 GMT 2007
Are the sambaDomain account policies sambaLogonToChgPwd and
sambaRefuseMachinePwdChange implemented on 3.0.22 to 3.0.25b?
First, even with "passdb backend = ldapsam:ldap://...." pdbedit actually
edits account_policy.tdb for these two attributes.
Second, despite the attribute value (0, 1, or 2 using ldapmodify), XP
client (also smbclient) logon behavior is unchanged. I looked
through account_pol.c and it does not appear that Samba tests the values
for these attributes - like they are not implemented. I double-checked
with someone who is much better with the code than I am.
HP-UX 11.11 and 11.23
Samba 3.0.22 and (Opensource) 3.0.25b
Red Hat Directory Server 7.1 backend
smb.conf
[global]
workgroup = SAMBAATC
netbios name = SAMBAPDC
server string = Samba Server
interfaces = xx.xx.xx.xxx, 127.0.0.1
bind interfaces only = yes
encrypt passwords = Yes
passdb backend = ldapsam:ldap://sambapdc.rose.hp.com
log level = 10
syslog = 0
log file = /var/opt/samba/log.%m
max log size = 1000
domain logons = Yes
preferred master = Yes
domain master = Yes
ldap server = sambapdc.rose.hp.com
ldap suffix = dc=rose,dc=hp,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=People
ldap admin dn = cn=Directory Manager
read only = No
short preserve case = No
dos filetime resolution = Yes
Thanks,
Eric Roseme
Hewlett-Packard
More information about the samba
mailing list