[Samba] maximum password age question

TAKAHASHI Motonobu monyo at monyo.com
Tue Dec 27 09:54:10 MST 2011

From: Mark Saad <nonesuch at longcount.org>
Date: Tue, 27 Dec 2011 11:03:53 -0500

>   I am working on upgrading a older Samba 3.0.16 setup that uses
> openldap as its back-end for passwords and users.
> I built a clone of our setup using CentOS 5.6 and Openldap 2.4.20 ,
> with Samba 3.6.1 .
> My issue.
> After successfully building and install Samba users can not
> authenticate to the server. They are prompted with errors about
> Needing to change their password.

> So I tried to set the max password age to -1
> # pdbedit -P "maximum password age" -C -1
> valid account policy, but unable to fetch value!
> account policy "maximum password age" description: Maximum password
> age, in seconds (default: -1 => never expire passwords)
> account policy "maximum password age" value was: 4294967295
> valid account policy, but unable to set value!
> Does anyone know what the root issue is ?

After Samba 3.0.21, those policies are stored in LDAP, but before
3.0.21, they were always stored in local tdb file.

I guess that you have to manually create those account policies on
your LDAP directory.

TAKAHASHI Motonobu <monyo at samba.gr.jp>

More information about the samba mailing list