[Samba] Sambapwdcanchange is not working!

Felipe Augusto van de Wiel felipe at paranacidade.org.br
Mon Mar 5 13:33:57 GMT 2007

Hash: SHA1

On 03/02/2007 06:50 PM, Eduardo Fernandes wrote:
> Hi all,
> We are trying to avoid that some specific users can change 
> their passwords. For that we are setting the
> sambapwdcanchange parameter in smbldap-usermod using the
> key -A 0. We have checked that the parameter
> sambapwdcanchange was altered for a date in the future
> using pdbedit -Lv nameuser. However, when we tested if the
> user is able to change the password using a WINXP PRO the
> user was permited to change it. Any suggestions about this
> problem? Thanks for any information.
> Samba version: 3.0.24
> Linux: Debian 3.1

	PwdCanChange, PwdLastSet and PwdMustChange can be
tricky. For some reason, and there are bug reports with
regards to this behaviour, the fields of the LDAP user must
be compatible with the Domain Policy (sambaDomainName).

	For example, we want to create new users, change
their password and make mandatory a change of password on
the first login, we discovered that the only possible way
to do that (right now) is to change the fields to look
like the password change was one week ago, we do a "field
dance" explained in a thread on this maillist a few days

	Depending on how did you set up the age of the
password, changing the CanChange in the way you are doing
would not work.

> Eduardo

	Kind regards,

- --
Felipe Augusto van de Wiel <felipe at paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/           Phone: (+55 41 3350 3300)
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the samba mailing list