[Samba] net ads join, machine password non-expiring
fred.samba at fredsnet.org
Wed Oct 15 16:46:13 GMT 2008
Hi,
I have a question about the machine account when one does "net ads join -U
admin@REALM.COM".
When I join a machine to the domain, the machine account that gets created
has a non-expiring password. This is only a problem for the security team
that monitors our domain; they frown on any account that has a
non-expiring password.
Is there a switch that I can throw that will create the machine with an
expiring password?
I've used the "machine password timeout" switch in my smb.conf.
I can go back and with a vb-script throw that switch after the fact, but
if there was another way, it'd be good to know.
Thanks for your help!
Kindest regards,
Fred
smb.conf
[code]
[global]
workgroup = US
realm = MY.DOM.COM
netbios name = adc070201-015
server string = Samba Server- Mandriva 2009.0
security = ADS
auth methods = winbind
password server = pwd1.dom.com pwd2.dom.com pwd3.dom.com
log level = 1
log file = /var/log/samba/%m.log
max log size = 250
name resolve order = wins bcast host lmhosts
server signing = auto
client ntlmv2 auth = yes
os level = 5
preferred master = No
local master = No
domain master = No
browse list = No
enhanced browsing = No
wins server = ip1.ip2.ipa.ipb
idmap uid = 70000-2000000
idmap gid = 70000-2000000
winbind separator = +
valid users = @"valid users"
admin users = @"admin users"
read list = @"read users"
write list = @"write users"
map acl inherit = Yes
host msdfs = no
machine password timeout = 604800
[burn]
path = /data1/burn1
valid users = @"valid users"
admin users = @"admin users"
invalid users = @keepout
read list = @"read users"
write list = @"write users"