[Samba] User and Password expiry
nwilson123 at gmail.com
Mon Jan 12 02:15:56 MST 2015
I'm battling to understand how the Samba4 user password expiry seems
to tie in together and was hoping this could be clarified by someone
for me please?
Currently I have the following Samba4 domain policies in place...
[root at headoffice ~]# samba-tool domain passwordsettings show
Password informations for domain 'DC=abc-ho,DC=local'
Password complexity: on
Store plaintext passwords: off
Password history length: 12
Minimum password length: 8
Minimum password age (days): 1
Maximum password age (days): 60
If I search for an account on the command line, the following attributes show...
ldapsearch -x -H "ldap://18.104.22.168:389" -b "dc=abc-ho,dc=local" -D
"blabla at abc-ho.local" -w mypass sAMAccountName=hr
# extended LDIF
# base <dc=abc-ho,dc=local> with scope subtree
# filter: sAMAccountName=hr
# requesting: ALL
# hr, Users, abc-ho.local
description: Head Office HR
If I then look through the "AD Domain Users and Groups" utility under
the "Account" tab the password is set to expire on the 17th of January
2038 (which I presume came from when the accounts were imported off an
old Samba3 server)
Surely if I've set the domain policy of 60 day expiry, this should
override the pre-existing account expiry? I'm fairly certain this
account has existed for more than 60 days since the policy was
I'm running sernet-samba-ad-4.1.12-9.el6.x86_64
Please shout if you have any questions.
Thanks, any help is appreciated.
More information about the samba