[Samba] Samba-tool password expiration and service accounts

Brandon Nishan bnishan at herricktechlabs.com
Wed Oct 12 21:16:02 UTC 2016


Initially I had set password expiration to be 6 months using samba-tool, and
used ADUC to tick the "password never expires" box on specific service
accounts that I wanted to keep with the same password. What I found was that
even with this box checked, the accounts' passwords did expire after 6
months.

So it seems that the password settings configured by samba-tool apply to all
accounts on the domain, including the ones I intended to use as service
accounts. Either all account passwords expire after X days, or all accounts
never expire (if you set the max age to 0). My questions:

- Am I correct in the above? If so, do you have any ideas on how to preserve
security with password rotation for the users while also allowing service
accounts (password never expires) to exist?

- If I am not correct, does this indicate a problem with my Samba
installation or am I missing a setting to make the service accounts immune
to samba-tool password rules?

Thanks!

-Brandon
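
Added example, not part of the original post and not Samba project code: a check that reads LDIF-style account records (such as ldbsearch prints) and reports which accounts actually carry the userAccountControl bit that the ADUC box sets. The expiry rule coded here is the Active Directory one (bit 0x10000 exempts the account; a max age of 0 exempts everyone); whether a given Samba version honours it is what the post asks. Assumptions: the account names and values are constructed, "6 months" is taken as 180 days, and fine-grained password policies are ignored.

```python
from datetime import datetime, timedelta, timezone

UF_DONT_EXPIRE_PASSWD = 0x10000  # userAccountControl bit behind "Password never expires"
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # pwdLastSet: 100 ns ticks since here

# Constructed sample in LDIF style; account names and values are made up.
SAMPLE_LDIF = """\
dn: CN=svc-backup,CN=Users,DC=example,DC=com
sAMAccountName: svc-backup
userAccountControl: 66048
pwdLastSet: 131039424000000000

dn: CN=svc-print,CN=Users,DC=example,DC=com
sAMAccountName: svc-print
userAccountControl: 512
pwdLastSet: 131039424000000000
"""

def parse_ldif(text):
    """Split blank-line separated 'attr: value' records into dicts."""
    records, current = [], {}
    for line in text.splitlines() + [""]:
        line = line.strip()
        if not line and current:
            records.append(current)
            current = {}
        elif ": " in line and not line.startswith("#"):
            key, value = line.split(": ", 1)
            current[key] = value
    return records

def password_expiry(record, max_pwd_age_days):
    """Return None when the password never expires, else the expiry time (UTC)."""
    if int(record["userAccountControl"]) & UF_DONT_EXPIRE_PASSWD or max_pwd_age_days == 0:
        return None
    ticks = int(record["pwdLastSet"])  # 0 means "must change at next logon"
    last_set = FILETIME_EPOCH + timedelta(microseconds=ticks // 10)
    return last_set + timedelta(days=max_pwd_age_days)

def audit(text, max_pwd_age_days, now):
    """Map sAMAccountName to 'never-expires', 'expired' or 'valid'."""
    result = {}
    for rec in parse_ldif(text):
        expiry = password_expiry(rec, max_pwd_age_days)
        result[rec["sAMAccountName"]] = (
            "never-expires" if expiry is None else "expired" if expiry <= now else "valid")
    return result

if __name__ == "__main__":
    print(audit(SAMPLE_LDIF, 180, datetime(2016, 10, 12, tzinfo=timezone.utc)))
```

A service account that shows up as "expired" here never received the flag; one that shows "never-expires" but is still refused at logon points at the server side rather than at the ADUC setting.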

 


