[Samba] Revisiting Samba's interaction with LDAP's ppolicy overlay

Adam Tauno Williams adamtaunowilliams at gmail.com
Mon Sep 29 14:14:01 GMT 2008

> >> Some months back, I entertained a conversation with Volker Lendecke, 
> >> Adam Tauno Williams, and Simo Sorce about getting Samba to play nice 
> >> with LDAP's ppolicy overlay.  (Thread starts here: 
> >> http://www.mail-archive.com/samba@lists.samba.org/msg92134.html and ends 
> >> here: http://www.mail-archive.com/samba@lists.samba.org/msg92214.html)  
> >> I was wondering if any progress had been made on this front that would 
> >> make the job of maintaining PCI/DSS compliance for Samba PDC shops a bit 
> >> more streamlined?  
>My workaround was to implement the same security policy in Samba via 
> pdbedit, so essentially the LDAP policies were duplicated in Samba.  
> Another thread I was involved in back then 
> (http://lists.samba.org/archive/samba/2008-April/139594.html) briefly 
> describes this.  But, again, this is far from the perfect situation of 
> having one universal way to enforce password policies, and still has 
> it's share of problems.

This is, AFAIK, the only solution currently.  We do the same thing.  It stinks.
          Consonance: an Open Source .NET OpenGroupware client.
 Contact:awilliam at whitemiceconsulting.com   http://freshmeat.net/projects/consonance/

More information about the samba mailing list