[Samba] Password policy for user-managed passwords

Rowland Penny rpenny at samba.org
Sat Jul 17 15:49:16 UTC 2021

On Sat, 2021-07-17 at 11:16 -0400, Philippe LeCavalier via samba wrote:
> Anyone else?

There are several things in play here, there is the default domain
password expiry, which can be shown by running:

samba-tool domain passwordsettings show

You can force a user to change their password by resetting it with:

samba-tool user setpassword User1 --newpassword=passw0rd --must-change-

There are a couple of attributes that need changing, userAccountControl
and accountExpires

If 'accountExpires' isn't set, then the password will expire on the day
shown by the first samba-tool command above. A value of 0 or
9223372036854775807 indicates that the account never expires.

You can set the password expiry with:
samba-tool user setexpiry

Add '--help' to the above command for more info.


More information about the samba mailing list