[Samba] maximum password age question

Mark Saad nonesuch at longcount.org
Tue Dec 27 09:03:53 MST 2011

Hello List
  I am working on upgrading a older Samba 3.0.16 setup that uses
openldap as its back-end for passwords and users.
I built a clone of our setup using CentOS 5.6 and Openldap 2.4.20 ,
with Samba 3.6.1 .

My issue.

After successfully building and install Samba users can not
authenticate to the server. They are prompted with errors about
Needing to change their password.

Looking at my user info on the samba server I see the following issue.

#  pdbedit -vu msaad
Unix username:        msaad
NT username:          msaad
Account Flags:        [U          ]
User SID:             S-1-5-21-64374432-364290046-3597965222-2970
Primary Group SID:    S-1-5-21-3988802677-3356876598-2018608366-513
Full Name:            Mark Saad
Home Directory:       \\nycifs3\msaad
HomeDir Drive:
Logon Script:
Profile Path:         \\nycifs3\msaad\profile
Domain:               NYCIFS3
Account desc:         hardluck
Munged dial:
Logon time:           0
Logoff time:          never
Kickoff time:         never
Password last set:    Thu, 01 Jan 1970 00:00:10 GMT
Password can change:  Thu, 01 Jan 1970 00:00:10 GMT
Password must change: never
Last bad password   : 0
Bad password count  : 0

So I tried to set the max password age to -1

# pdbedit -P "maximum password age" -C -1
valid account policy, but unable to fetch value!
account policy "maximum password age" description: Maximum password
age, in seconds (default: -1 => never expire passwords)
account policy "maximum password age" value was: 4294967295
valid account policy, but unable to set value!

Does anyone know what the root issue is ?

mark saad | nonesuch at longcount.org

More information about the samba mailing list