[Samba] Sambapwdcanchange is not working!

Felipe Augusto van de Wiel felipe at paranacidade.org.br
Mon Mar 5 13:33:57 GMT 2007



On 03/02/2007 06:50 PM, Eduardo Fernandes wrote:
> Hi all,
> 
> We are trying to avoid that some specific users can change 
> their passwords. For that we are setting the
> sambapwdcanchange parameter in smbldap-usermod using the
> key -A 0. We have checked that the parameter
> sambapwdcanchange was altered for a date in the future
> using pdbedit -Lv nameuser. However, when we tested if the
> user is able to change the password using a WINXP PRO the
> user was permitted to change it. Any suggestions about this
> problem? Thanks for any information.
>
> Samba version: 3.0.24
> Linux: Debian 3.1

	PwdCanChange, PwdLastSet and PwdMustChange can be
tricky. For some reason, and there are bug reports with
regards to this behaviour, the fields of the LDAP user must
be compatible with the Domain Policy (sambaDomainName).

	For example, we want to create new users, change
their password and make a change of password mandatory on
the first login. We discovered that the only possible way
to do that (right now) is to change the fields to look
like the password change was one week ago; we do a "field
dance" explained in a thread on this mailing list a few days
ago.

	Depending on how you set up the age of the
password, changing the CanChange in the way you are doing
would not work.


> Eduardo

	Kind regards,

--
Felipe Augusto van de Wiel <felipe at paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/           Phone: (+55 41 3350 3300)

