[Samba] SAMBA+LDAP: Domain-Policies WHERE?

Axel Werner mail at awerner.homeip.net
Thu Feb 12 13:10:25 GMT 2009


i realy got stuck on testing samba and ldap scenarios. i want to use 
PASSWORD POLICIES. But it looked like SAMBA ignores my Policy Settings 
within my LDAP DOMAIN Object.
I have set

- sambaMaxPwdAge 300
- sambaMinPwdAge 60
- sambaMinPwdLength 8
- sambaPwdHistoryLength 10

and so on.

Someone told me there is another tool called "pdbedit" i should use to 
edit my Samba Domain-Policy stuff. So i tried ... but it showed me 
"different" values..
i took lots of trouble with searching internet and reading samba docs 
for that problem. But there been no such information...

Meanwhile i found the Solution:

If you change Attributes (values) on the LDAP Domain-Object YOU HAVE TO 
RESTART THE SAMBA DAEMON and give it some time too, so it will read 
those new values.

I think this is an important information that Samba DOES NOT request 
that domain parameters "live" but only on Start-Time. So i recomment 
this should be placed in the samba docs at some points.


More information about the samba mailing list