[Samba] Samba LDAP entries for Password Change

Albrecht Dreß albrecht.dress at lios-tech.com
Tue Sep 16 14:27:53 GMT 2008

Hi all,

I have a question regarding the enforced change of passwords in Samba  
3.0.28 (coming with Ubuntu Hardy) in connection with a LDAP backend.   
In particular, I am looking for a documentation how the fields  
sambaMinPwdAge, sambaMaxPwdAge (from sambaDomain), sambaPwdCanChange  
and sambaPwdMustChange (from sambaSAMAccount) interact.

I would like to have the following:
- when a new account is created, the user immediately must change the  
password when [s]he first logs in;
- after that, the password shall expire after x days.

Unfortunately, I tried a number of combinations without success.   
Everything seems to be controlled by the sambaMaxPwdAge setting  
(seconds relative to sambaPwdLastSet when the password must be  
changed?), and the other entries seem to be irrelevant?

Any documentation/pointer would be welcome!

Thanks, Albrecht.

More information about the samba mailing list