[Samba] pdbedit -P "password history" doesn't work !!

Felipe Augusto van de Wiel felipe at paranacidade.org.br
Wed Sep 19 15:23:43 GMT 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hubert Choma wrote, On 19-09-2007 06:36:
> Hi !
> This is my firs post here. I've got a problem with password history 
> policy -C 3 which doesn't work !!
> I set policy
> pdbedit -P "maximum password age" -C 777600 (90days)
> pdbedit -P "minimum password age" -C 691200 (80days)
>            "user must logon to change password" -C 2
>            "password history" -C 3
> 
> On clients (XP PRO) some of people doesn't see warrning with "password 
> expired" information and password history doesn't work !!! I can set 
> still the same password .

	Usually this only affects users _after_ the policy
is in place. In my experience, only after we made all the
users change their passwords, the policy applied to them
all, from time to time, for whatever reason, the policy
lost our setup and fallback to default, I'm using LDAP as
a backend and Samba 3.0.24 in Debian.


> My backend is smbpasswd in smb.conf .I tried with pdbedit but when I 
> changed backend after restarting samba XP cannot login because it must 
> be added to domain again. In my production serwer I use smbpasswd 
> backend. So I don't want to add all computers again to domain!!! SID of 
> domain is the same like before !

	I think you can use pdbedit to help you changing
backends, you shouldn't need to rejoin all machines just
because you change the passdb, some people move from
smbpasswd to LDAP and are able to avoid that.


> Why after changing backend i must add again computer to domain??

	Because some info got lost in the migration. Try
to use pdbedit to migrate the info from one backend to
the other.


> To use pdbedit policies which backend should I use ??
> Please help!!!
> My ver. of samba
> Version 3.0.26a-0.fc7

	Any one. :-)

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html#pdbeditthing


	Kind regards,
- --
Felipe Augusto van de Wiel <felipe at paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/           Phone: (+55 41 3350 3300)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG8T7+Cj65ZxU4gPQRCEedAJ9gHrISmyqszhD/vHTVjoohL8Y+mgCfUxuM
kw55AwgJg1OOhcDUXjJFhRc=
=eabD
-----END PGP SIGNATURE-----

More information about the samba mailing list