[Samba] Attempts to Set Max Password Age in Samba Tool Fails

Matthew Delfino mdelfino.list.samba at knockinc.com
Fri Mar 29 20:45:57 UTC 2019


I am on Samba 4.10.0, Ubuntu 16.04.2 LTS. I recently reset a password and found that my password expiration had somehow gotten set to 400 days.

I went to one of my DCs and ran the following command:

# samba-tool domain passwordsettings show
Password informations for domain 'DC=samdom,DC=mydomain,DC=com'

Password complexity: on
Store plaintext passwords: off
Password history length: 5
Minimum password length: 14
Minimum password age (days): 0
Maximum password age (days): 400
Account lockout duration (mins): 60
Account lockout threshold (attempts): 30
Reset account lockout after (mins): 60

That needed to change so, I tried to enforce my company's policy:

# samba-tool domain passwordsettings set --max-pwd-age=270
ERROR(<class 'TypeError'>): uncaught exception - unorderable types: NoneType() >= int()
  File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 184, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/samba/netcmd/domain.py", line 1513, in run
    if max_pwd_age and max_pwd_age > 0 and min_pwd_age >= max_pwd_age:

I tried several numbers for max-pwd-age, they all sent the same error. I tried setting the min-pwd-age to 0 again, even though it was already 0. That command was successful, but it didn't help at all. Am I doing something wrong? Any advice?



© 2019 KNOCK, inc. All rights reserved. KNOCK is a registered trademark of KNOCK, inc. This message and any attachments contain information, which is confidential and/or privileged. If you are not the intended recipient, please refrain from any disclosure, copying, distribution or use of this information. Please be aware that such actions are prohibited. If you have received this transmission in error, kindly notify the sender by e-mail. Your cooperation is appreciated.

More information about the samba mailing list