Greeting Stefan,
I have the same result. The 'Password can change' don't have any
effect.
Robert> Hi List,
>
> I hope sombody can give a Solution for the following behaviour:
>
> First the environment:
>
> One Samba 3.0.23b PDC with LDAP Backend (OpenLDAp 2.3)
> Another Samba 3.0.23b BDC with replicated LDAP Backend (OpenLDAP 2.3)
> Account policies set in LDAP and importet on both Samba PCs by pdbedit
> -y -i ldapsam as follows (working almost fine at least for password
> history, min length and bad logon attempt):
>
> min password length => 7
> password history => 3
> maximum password age => 7776000 i.e. 90 days
> minimum password age => 86400 i.e. 1 day
>
>
> Now the behaviour:
>
> If I set the password as admin with smbpasswd the parameters password
> must change, password last change and password can change are set to the
> correct values according to the above policies. No I want the user to be
> able to change his password on the same day so I changed the password
> can change parameter, but if a user wants to change his password it
> doesn't matter wich value is set in password can change. The first date
> a user may change his password is:
>
> <password last changed> + <minimum password age>
>
> Is the parameter password can change just informational?
>
> Kind regards
>
>
> Stefan
>