Steven Mackenzie
2002-Feb-22 05:48 UTC
[Samba] Password about to expire -- Turn Windlows Client Password Ageing Off?
I have a Domain controlled by a (Samba 2.2.2 upgraded to) Samba 2.2.3a PDC, with unix password sync = yes The PDC (on a Mandrake Linux 8.X box) does not use password ageing, and we don't want password ageing on our network. We have a mix of Windows 98, NT4 and 2000 client workstations. Unfortunately, some of the Windows 2000 users who log in to the domain have complained that Windows is insisting that they must change their domain password, and also that the interval given until expiry seems to change at random. If they do chose to do change the password, then things will usually carry on with no problem. Also, the workstation "Local Security Settings" (Control Panel>Administrative tools>Local Security Settings/Local Policies/Security Options/Prompt user to change password ...) can be edited so that no warning is displayed, although I've been told that the machine may suddenly insist on a password change later. Is there any way to specify from the Samba PDC that there is no expiry period for the password? Also, a minor problem can occur with the password changing/synchronising: if the new password is too simple (eg a dictionary word) then it will be rejected by the Linux server. This is reported to the user as "The user name or old password was incorrect ..." Is it possible to make this message less misleading? Is this fixable? Thanks for any help, Steven ==Steven Mackenzie Active Navigation Ltd http://activenavigation.com/ +44 (0) 23 8074 2420 sjm@activenavigation.com
Steven Mackenzie
2002-Feb-22 05:50 UTC
[Samba] Password about to expire -- Turn Windlows Client Password Ageing Off?
I have a Domain controlled by a (Samba 2.2.2 upgraded to) Samba 2.2.3a PDC, with unix password sync = yes The PDC (on a Mandrake Linux 8.X box) does not use password ageing, and we don't want password ageing on our network. We have a mix of Windows 98, NT4 and 2000 client workstations. Unfortunately, some of the Windows 2000 users who log in to the domain have complained that Windows is insisting that they must change their domain password, and also that the interval given until expiry seems to change at random. If they do chose to do change the password, then things will usually carry on with no problem. Also, the workstation "Local Security Settings" (Control Panel>Administrative tools>Local Security Settings/Local Policies/Security Options/Prompt user to change password ...) can be edited so that no warning is displayed, although I've been told that the machine may suddenly insist on a password change later. Is there any way to specify from the Samba PDC that there is no expiry period for the password? Also, a minor problem can occur with the password changing/synchronising: if the new password is too simple (eg a dictionary word) then it will be rejected by the Linux server. This is reported to the user as "The user name or old password was incorrect ..." Is it possible to make this message less misleading? Is this fixable? Thanks for any help, Steven ==Steven Mackenzie Active Navigation Ltd http://activenavigation.com/ +44 (0) 23 8074 2420 sjm@activenavigation.com