[Samba] Samba Password Policy IPA
Zachary Musselman
mussz624 at robertmorris.edu
Fri Oct 11 07:00:02 MDT 2013
Hello,
We currently have Samba 3 and IPA running together.
There are issues with IPA and Samba understanding the password policy IPA
has for a given user.
Currently we are attempting to match a policy in Samba using pdbedit -P
pdbedit -P "min password length" -C 8
pdbedit -P "bad lockout attempt" -C 6
pdbedit -P "lockout duration" -C 60
pdbedit -P "password history" -C 10 **not working
pdbedit -P "reset count minutes" -C 1
pdbedit -P "maximum password age" -C 90
pdbedit -P "minimum password age" -C 1
Here is our IPA policy:
Max lifetime (days):
90
Min lifetime (hours):
1
History size (number of passwords):
10
Character classes:
3
Min length:
8
Max failures:
6
Failure reset interval (seconds):
60
Lockout duration (seconds):
600
There are certain admin users however that shouldn't have their password
expire every 90 days.
I'm assuming if I set the above pdbedit commands then ALL users who login
to Windows will have to change their password after 90 days.
That's what I want but certain admin users should not. Is there a way to
exclude users from a password policy in Samba?
Thanks
More information about the samba
mailing list