[Samba] Samba-tool password expiration and service accounts
Rowland Penny
rpenny at samba.org
Thu Oct 13 07:38:46 UTC 2016
On Wed, 12 Oct 2016 21:16:02 +0000
Brandon Nishan via samba <samba at lists.samba.org> wrote:
> Initially I had set password expiration to be 6 months using
> samba-tool, and used ADUC to tick the "password never expires" box on
> specific service accounts that I wanted to keep with the same
> password. What I found was that even with this box checked, the
> account's passwords did expire after 6 months.
>
>
>
> So it seems that the password settings configured by samba-tool apply
> to all accounts on the domain, including the ones I intended to use
> as service accounts. Either all account passwords expire after X
> days, or all accounts never expire (if you set the max age to 0). My
> questions:
>
>
>
> - Am I correct in the above? If so, do you have any ideas on how to
> preserve security with password rotation for the users while also
> allowing service accounts (password never expires) to exist?
>
>
>
> -If I am not correct, does this indicate a problem with my Samba
> installation or am I missing a setting to make the service accounts
> immune to samba-tool password rules?
>
>
Have you tried reading the output of 'samba-tool user setexpiry
--help' ?
Rowland
More information about the samba
mailing list