[Samba] pdbedit "password must change" not following policy
TAKAHASHI Motonobu
monyo at monyo.com
Sat Jul 2 08:27:41 MDT 2011
On Fri, Jul 1, 2011 at 7:57 PM, Chris Beach <chrisb at pintys.com> wrote:
> > [root at success]# pdbedit -P "maximum password age"
> > account policy value for maximum password age is 90
>
> At one time I used pdbedit to force a password change and that stopped
> working. Apparently it was deprecated in favor of "net sam set
> pwdmustchangenow".
"net sam set pwdmustchangenow" was first introduced at Samba 3.0.25.
From: Chris Beach <chrisb at pintys.com>
Date: Fri, 1 Jul 2011 19:57:26 -0400
> I've got a file server (named success) running Samba version
> 3.0.10-1.4E. I've also got another file server (named happiness)
> running Samba version 3.3.15 and LDAP.
> I've got success pointed to happiness for LDAP in the smb.conf, and
> running a "pdbedit -v user" works, it shows the proper
> information...except for the password must expire, it seemingly
> ignores the policy that is set on success, ...
> [root at success]# pdbedit -P "maximum password age"
> account policy value for maximum password age is 90
The account policies in which "maximum password age" is included were
always stored at local account_policy.tdb before Samba 3.0.21. After
Samba 3.0.21, these are stored at LDAP when LDAP is used as passdb.
That's the problem, I think.
---
TAKAHASHI Motonobu <monyo at samba.gr.jp>
More information about the samba
mailing list