[Samba] unexpected password expiration
mj
lists at merit.unu.edu
Fri Sep 17 10:54:43 UTC 2021
Hi!
Regarding password age / expiration, we have configured samba like:
> root@dadc:~# samba-tool domain passwordsettings show
> Password information for domain 'DC=samdom,DC=company,DC=com'
>
> Password complexity: on
> Store plaintext passwords: off
> Password history length: 24
> Minimum password length: 14
> Minimum password age (days): 0
> Maximum password age (days): 0
> Account lockout duration (mins): 30
> Account lockout threshold (attempts): 10
> Reset account lockout after (mins): 60
>
> root@addc:~# samba-tool domain passwordsettings pso list
> No PSOs are present, or you don't have permission to view them.
From the above, we assume that our passwords will not expire. (and yes,
that is a bad idea, but it's the way it currently is)
However, a tool that we use (LAM) is reporting to two of our users that
their passwords are about to expire, and they need to set a new one.
LAM logs this:
> 2021-09-17 12:28:22 Debug Checking CN=user1,CN=Users,DC=samdom,DC=company,DC=com
> 2021-09-17 12:28:22 Debug Last password change on 2021-08-10
> 2021-09-17 12:28:22 Debug Number of days before warning 7
> 2021-09-17 12:28:22 Debug Password expires on 2021-09-22
> 2021-09-17 12:28:22 Debug Password notification on 2021-09-15 12:55
> 2021-09-17 12:28:22 Info Not sending email to CN=user1,CN=Users,DC=samdom,DC=company,DC=com because of dry run.
My question to the samba experts here is:
Is there another way password expiration settings can be configured in
Samba/AD, or should we look at the tool in use (LAM), and is something
most likely going wrong with the calculations there?
Thanks, and a nice weekend to everybody!
MJ
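A cross-check of the two outputs quoted in the message above, as an added example that is not part of the original post: it derives the password age each LAM log entry implies and compares it with the domain-wide "Maximum password age" value. The function names are hypothetical, the sample strings are excerpts copied from the post, and 0 is treated as "never expires", as the post assumes.

```python
import re
from datetime import date

# Constructed sample input: excerpts copied from the message above.
POLICY_OUTPUT = """\
Password history length: 24
Minimum password age (days): 0
Maximum password age (days): 0
"""

LAM_LOG = """\
2021-09-17 12:28:22 Debug Checking CN=user1,CN=Users,DC=samdom,DC=company,DC=com
2021-09-17 12:28:22 Debug Last password change on 2021-08-10
2021-09-17 12:28:22 Debug Number of days before warning 7
2021-09-17 12:28:22 Debug Password expires on 2021-09-22
"""

def max_password_age(policy_text):
    """Days from the 'Maximum password age' line (0 assumed to mean no expiry)."""
    m = re.search(r"^Maximum password age \(days\):\s*(\d+)\s*$", policy_text, re.M)
    if m is None:
        raise ValueError("no 'Maximum password age' line found")
    return int(m.group(1))

def implied_ages(log_text):
    """Map each checked DN to the days between last change and reported expiry."""
    result, dn, changed = {}, None, None
    for line in log_text.splitlines():
        if m := re.search(r"Debug Checking (.+)$", line):
            dn, changed = m.group(1).strip(), None  # new entry: reset state
        elif m := re.search(r"Last password change on (\d{4}-\d{2}-\d{2})", line):
            changed = date.fromisoformat(m.group(1))
        elif m := re.search(r"Password expires on (\d{4}-\d{2}-\d{2})", line):
            if dn is not None and changed is not None:
                result[dn] = (date.fromisoformat(m.group(1)) - changed).days
    return result

def mismatches(policy_text, log_text):
    """Entries whose implied maximum age differs from the domain policy value."""
    policy = max_password_age(policy_text)
    return {dn: d for dn, d in implied_ages(log_text).items() if d != policy}

if __name__ == "__main__":
    for dn, days in mismatches(POLICY_OUTPUT, LAM_LOG).items():
        print(f"{dn}: log implies a {days}-day maximum age; "
              f"domain policy says {max_password_age(POLICY_OUTPUT)}")
```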