[Samba] Samba3 ldap password change

Felipe Augusto van de Wiel felipe at paranacidade.org.br
Tue Feb 27 16:04:23 GMT 2007

Hash: SHA1

On 02/27/2007 08:17 AM, Daniel Müller wrote:
> Hello to all,
> I got samba3 PDC working with ldap. But I' m still wondering 
> how to set important things about the users passwords.

	You can use pdbedit to configure that. Your
sambaDomainName object will have the fiedls to define
the size of password, minimum time before change, maximum
time to change, date of must change and so on.

	You can also export from tdbsam do LDAP using
something like this (from the manpage):

	pdbedit -y -i tdbsam: -e ldapsam:ldap://my.ldap.host

> The first thing when a user login the first time should be 
> to change his/her password?

	You need to set the MustChange field to 0. Be aware
that samba has a strange behaviour with regards to CanChange
and LastSet. If you have a new user, change his password and
want that he/she changes it on the first login, you probably
will need to adjust the LastSet to $TODAY-MinPwdTime and the
CanChange to $TODAY (remember that it uses the number of secs.

	So, an example would be:

Fields			Just After 	Mandatory Change
			Chang PWD	on next logon

sambaPwdCanChange 	1173192147 	1172587347
sambaPwdLastSet 	1172587347 	1171982547
sambaPwdMustChange	1175179347 	0

> Where do I set when the passwords expire and how do I set
> it to 60 days?

	Define the number of seconds in the sambaDomainName
object, field: sambaMaxPwdAge

> I do not work mith Microsoft's usrmgr because of Vista clients.
> I look at my samba/ldap with LDAP Admin. Does someone manage
> this point with this tool?

	I use phpLDAPadmin to control our LDAP database and
to set samba options.

> greetings 
> Daniel

	Kind regards,

- --
Felipe Augusto van de Wiel <felipe at paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/           Phone: (+55 41 3350 3300)
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the samba mailing list