[Samba] net ads join, machine password non-expiring

fred.samba at fredsnet.org
Wed Oct 15 16:46:13 GMT 2008


I have a question about the machine account when one does "net ads join -U
admin@REALM.COM".

When I join a machine to the domain, the machine account that gets created
has a non-expiring password.  This is only a problem for the security team
that monitors our domain; they frown on any account that has a
non-expiring password.

Is there a switch that I can throw that will create the machine with an
expiring password?

I've used the "machine password timeout" switch in my smb.conf.

I can go back and with a vb-script throw that switch after the fact, but
if there was another way, it'd be good to know.
Thanks for your help!

Kindest regards,

 workgroup = US
 realm = MY.DOM.COM
 netbios name = adc070201-015
 server string = Samba Server- Mandriva 2009.0
 security = ADS
 auth methods = winbind
 password server = pwd1.dom.com pwd2.dom.com pwd3.dom.com
 log level = 1
 log file = /var/log/samba/%m.log
 max log size = 250
 name resolve order = wins bcast host lmhosts
 server signing = auto
 client ntlmv2 auth = yes
 os level = 5
 preferred master = No
 local master = No
 domain master = No
 browse list = No
 enhanced browsing = No
 wins server = ip1.ip2.ipa.ipb
 idmap uid = 70000-2000000
 idmap gid = 70000-2000000
 winbind separator = +
 valid users = @"valid users"
 admin users = @"admin users"
 read list = @"read users"
 write list = @"write users"
 map acl inherit = Yes
 host msdfs = no
 machine password timeout = 604800
 path = /data1/burn1
 valid users = @"valid users"
 admin users = @"admin users"
 invalid users = @keepout
 read list = @"read users"
 write list = @"write users"
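
An audit check for the situation described in the post, added here as an example and not part of the original message or of Samba: it reads "machine password timeout" from smb.conf text and flags machine accounts whose userAccountControl has the non-expiring bit set or whose pwdLastSet is older than that timeout. The account records, the names other than the poster's netbios name, and the idea that the attributes come from an LDAP export are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# userAccountControl bits (Microsoft-documented values)
UF_WORKSTATION_TRUST_ACCOUNT = 0x1000
UF_DONT_EXPIRE_PASSWD = 0x10000
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def smb_conf_timeout(text, default=604800):
    """Seconds from 'machine password timeout'; default is the value in the post."""
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and " ".join(key.lower().split()) == "machine password timeout":
            return int(value.strip())
    return default

def filetime_to_dt(ft):
    """pwdLastSet is stored as 100-ns ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)

def dt_to_filetime(dt):
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000

def audit(accounts, timeout, now):
    """Return [(name, [reasons])] for machine accounts only."""
    findings = []
    for a in accounts:
        uac = a["userAccountControl"]
        if not uac & UF_WORKSTATION_TRUST_ACCOUNT:
            continue  # not a workstation / member-server account
        reasons = []
        if uac & UF_DONT_EXPIRE_PASSWD:
            reasons.append("DONT_EXPIRE_PASSWD set")
        age = (now - filetime_to_dt(a["pwdLastSet"])).total_seconds()
        if age > timeout:
            reasons.append("password older than timeout")
        if reasons:
            findings.append((a["sAMAccountName"], reasons))
    return findings

# Constructed sample records (hypothetical LDAP export), not real data.
NOW = datetime(2008, 10, 15, 16, 46, 13, tzinfo=timezone.utc)
def _acct(name, uac, days_old):
    return {"sAMAccountName": name, "userAccountControl": uac,
            "pwdLastSet": dt_to_filetime(NOW - timedelta(days=days_old))}
SAMPLE = [_acct("ADC070201-015$", 0x11000, 2), _acct("WS-EXAMPLE1$", 0x1000, 30),
          _acct("WS-EXAMPLE2$", 0x1000, 3), _acct("jdoe", 0x10200, 400)]

if __name__ == "__main__":
    conf = " machine password timeout = 604800"
    for name, reasons in audit(SAMPLE, smb_conf_timeout(conf), NOW):
        print(name, "; ".join(reasons))
```

The two findings are reported separately because the flag and the actual password age are independent: an account can carry the non-expiring bit and still have a recently changed password.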
