[Samba] Password policy for user-managed passwords

Philippe LeCavalier support at plecavalier.com
Thu Jul 15 08:28:12 UTC 2021

On Wed, Jul 14, 2021 at 10:09 PM Jonathon Reinhart <
jonathon.reinhart at gmail.com> wrote:

> On Wed, Jul 14, 2021 at 12:09 PM Philippe LeCavalier via samba
> <samba at lists.samba.org> wrote:
> >
> > Hi,
> >
> > I'm moving away from managing passwords for my clients.
> Better late than never. A sysadmin should never be responsible for
> setting passwords for users.
That's an opinion.

> If your clients are logging into domain-joined Windows workstations,
> then you have nothing to worry about. Windows will force the user to
> change their password before/when it expires. The same goes for most
> configurations of Linux workstations joined to the domain, also.
> If your client workstations are not domain-joined, you should really
> consider doing that.
> If you have an Active Directory domain, but your users aren't using
> interactive login, then what are you using the domain for? Just Samba
> share auth?
They are domain-joined and interactive login is there but the expiration
isn't set or is set to 0, that's all. So as my initial question: do I
simply set the expiration to the desired cycle, say 60 days? And if I don't
want to wait 60 days for the first reset, what's the best approach? Thanks,

More information about the samba mailing list