[Samba] pdbedit "password must change" not following policy
chrisb at pintys.com
Mon Jul 4 08:16:27 MDT 2011
I completely missed this message some how, thank you, looking at the tdb
file using tdbtool I do see that "maximum password age" appears to be set to
Z where on the newer version of samba, it doesn't appear to be set.
I'm not sure what Z stands for, but is there a way I could go about
correcting this, or is my only option to update samba on the server
(success) so it will corectly report the password policy of the LDAP server
it is using?
Thanks for all the help.
On Sat, Jul 2, 2011 at 10:27 AM, TAKAHASHI Motonobu <monyo at monyo.com> wrote:
> On Fri, Jul 1, 2011 at 7:57 PM, Chris Beach <chrisb at pintys.com> wrote:
> > > [root at success]# pdbedit -P "maximum password age"
> > > account policy value for maximum password age is 90
> > At one time I used pdbedit to force a password change and that stopped
> > working. Apparently it was deprecated in favor of "net sam set
> > pwdmustchangenow".
> "net sam set pwdmustchangenow" was first introduced at Samba 3.0.25.
> From: Chris Beach <chrisb at pintys.com>
> Date: Fri, 1 Jul 2011 19:57:26 -0400
> > I've got a file server (named success) running Samba version
> > 3.0.10-1.4E. I've also got another file server (named happiness)
> > running Samba version 3.3.15 and LDAP.
> > I've got success pointed to happiness for LDAP in the smb.conf, and
> > running a "pdbedit -v user" works, it shows the proper
> > information...except for the password must expire, it seemingly
> > ignores the policy that is set on success, ...
> > [root at success]# pdbedit -P "maximum password age"
> > account policy value for maximum password age is 90
> The account policies in which "maximum password age" is included were
> always stored at local account_policy.tdb before Samba 3.0.21. After
> Samba 3.0.21, these are stored at LDAP when LDAP is used as passdb.
> That's the problem, I think.
> TAKAHASHI Motonobu <monyo at samba.gr.jp>
More information about the samba