[Samba] tdbsam allow users to change password without notice!!!
hubert.ch at wp.pl
Wed Apr 2 13:20:58 GMT 2008
I use tdbsam .
I use pdbedit -P "password hisotry" -C 3
pdbedit -P "min password length" -C 5
-P "maximum password age" -C 7776000 (90 days)
-P "minimum password age" -C 6912000 (80 days)
-P "user must logon to change password" -C 2 (on)
So my passwords need to be changed every 90 days and user can change it
after 80 days .
I use this policies 6months and everything was ok. Windows xp users
after logon was informed that they must chang password for xx days and
they can change it after 80 days.
But after changing time from winter to summer pdbedit work very strange!!
Today I have discover terrible thing. pdbedit -Lv show me that every
user changed password but windows doesn't show any notice about password
change !!! The worst think is that password history doesn't worked and
allow all users to write down the same password!!
Nobody even know that change his own password because windows doesnt'
show any notice, any window !!! They normally login as everyday do but
pdbedit "changed password last set" entry to today date !!!
Pdbedit -Lv shows that password was set eg today and next time they can
change passord for 80 days!!!! But password is the same !!!
What should I do to force samba and pdbedit to change passwords correct
and force to admonish password history !!!??
Unix username: fujitsu
Account Flags: [U ]
User SID: S-1-5-21-2794518228-724393910-221713885-2114
Primary Group SID: S-1-5-21-2794518228-724393910-221713885-513
Logon time: 0
Logoff time: never
Kickoff time: 0
Password last set: Śr, 02 IV 2008 12:52:38 CEST
Password can change: So, 21 VI 2008 12:52:38 CEST
Password must change: Wt, 01 VII 2008 12:52:38 CEST
Last bad password : 0
Bad password count : 0
Logon hours : 000000807F00807F00807F00807F00807F00000000
workgroup = geodezja
server string = Samba Server %v
interfaces = eth2 lo 10.10.10.1
bind interfaces only = Yes
; encrypt passwords = Yes
update encrypted = Yes
; client plaintext auth = Yes
log level = 2 vfs:3 auth:2 passdb:3
log file = /var/log/samba/%U.%m.log
; max log size = 5000
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
printer admin = root, at domadm
load printers = yes
printing = cups
cups options = raw
logon script = %G.CMD
logon path =
logon home =
domain logons = yes
os level = 128
preferred master = yes
domain master = yes
; local master = yes
remote browse sync = none
remote announce = none
dns proxy = No
wins support = yes
name resolve order = wins bcast host lmhosts
hosts allow = 10.10.10.1/255.255.255.0
; unix password sync = no
security = user
; password level = 0
; null passwords = no
; deadtime = 0
; map to guest = never
create mask = 0777
nt acl support = no
time server = yes
; enable privileges = yes
passdb backend = tdbsam
username map = /etc/samba/smbusers
Cracow Screen Festival (CSF) Kraków, 2-4 maja 2008
Koncerty oraz sztuka videografii w przestrzeni miejskiej!
Bryan Ferry, Underworld, The Raveonettes, Mattafix
More information about the samba