[Samba] password expiration

Matt Richardson marichar at csusb.edu
Mon Nov 19 17:29:34 MST 2012

Hello all,

I have a test system with CentOS 6.2 running samba 3.5.10_125.el6 and 
OpenLDAP 2.4.23_20.el6.  Password expiration is set as sambaMaxPwdAge: 
5184000 and password aging works with a Windows 7 client. On a 
production system, I've got samba 3.5.10_115.el6_2 and openldap 
2.4.23_20.el6 running on RHEL6.2.  I have set sambaMaxPwdAge to 5184000 
and it does not work consistently with clients.

To illustrate, on the production system as an account's password 
expiration was approaching some Windows 7 and 2008 clients would report 
that it was due to expire soon and would I like to change it now.  Since 
it was odd that only some would display the message, I let it go to see 
what would happen when the password expired.  The time and date came and 
went, still able to log in.  Until, that is, I added a new samba client 
(domain member server, added to the domain after the test account's 
password had expired) and got the password expired message when 
attempting to connect with smbclient. Older clients still allowed me to 
log in with an aged password.

The test system displayed the message as soon as I made the change in 
LDAP and then tried to sign in to a client.  If the password had 
expired, I was prompted to change it on log in.  I didn't see anything 
in the release notes to indicate a difference in the two samba packages, 
but of course there could be one.  If someone could point me in the 
right direction, I would appreciate it.

Take care,


More information about the samba mailing list