[Samba] pdbedit "password must change" not following policy

Chris Beach chrisb at pintys.com
Fri Jul 1 17:57:26 MDT 2011

Hey everyone,

I've got a file server (named success) running Samba version 3.0.10-1.4E.
I've also got another file server (named happiness) running Samba version
3.3.15 and LDAP.

I've got success pointed to happiness for LDAP in the smb.conf, and running
a "pdbedit -v user" works, it shows the proper information...except for the
password must expire, it seemingly ignores the policy that is set on
success, for example:

[root at success]# pdbedit -P "maximum password age"
account policy value for maximum password age is 90


[root at success]# pdbedit -v "user"
Password last set:    Tue, 31 May 2011 12:54:11 GMT
Password can change:  Tue, 07 Dec 2010 09:05:25 GMT
*Password must change: Mon, 07 Mar 2011 09:05:25 GMT*
Last bad password   : 0
Bad password count  : 0

should the Password must change not be 90 days after the Password last set?
If I do the same command on happiness (the one that runs ldap as well) it
outputs as expected.

I've been stuck at this forever, am I missing something VERY obvious?

Thanks for any help!

More information about the samba mailing list