[Samba] sambaDomain Policies Implemented?

eric roseme eroseme at emonster.rose.hp.com
Tue Aug 21 16:02:11 GMT 2007


Are the sambaDomain account policies sambaLogonToChgPwd and 
sambaRefuseMachinePwdChange implemented on 3.0.22 to 3.0.25b?

First, even with "passdb backend = ldapsam:ldap://...." pdbedit actually 
edits account_policy.tdb for these two attributes.

Second, despite the attribute value (0, 1, or 2 using ldapmodify), XP 
client (also smbclient) logon behavior is unchanged.  I looked
through account_pol.c and it does not appear that Samba tests the values 
for these attributes - like they are not implemented. I double-checked 
with someone who is much better with the code than I am.

HP-UX 11.11 and 11.23
Samba 3.0.22 and (Opensource) 3.0.25b
Red Hat Directory Server 7.1 backend

smb.conf

[global]
         workgroup = SAMBAATC
         netbios name = SAMBAPDC
         server string = Samba Server
         interfaces = xx.xx.xx.xxx, 127.0.0.1
         bind interfaces only = yes
         encrypt passwords = Yes
         passdb backend = ldapsam:ldap://sambapdc.rose.hp.com
         log level = 10
         syslog = 0
         log file = /var/opt/samba/log.%m
         max log size = 1000
         domain logons = Yes
         preferred master = Yes
         domain master = Yes
         ldap server = sambapdc.rose.hp.com
         ldap suffix = dc=rose,dc=hp,dc=com
         ldap group suffix = ou=Groups
         ldap user suffix = ou=People
         ldap admin dn = cn=Directory Manager
         read only = No
         short preserve case = No
         dos filetime resolution = Yes

Thanks,

Eric Roseme
Hewlett-Packard


More information about the samba mailing list