Are the sambaDomain account policies sambaLogonToChgPwd and
sambaRefuseMachinePwdChange implemented on 3.0.22 to 3.0.25b?
First, even with "passdb backend = ldapsam:ldap://...." pdbedit
actually
edits account_policy.tdb for these two attributes.
Second, despite the attribute value (0, 1, or 2 using ldapmodify), XP
client (also smbclient) logon behavior is unchanged. I looked
through the code in account_pol.c and it does not appear that Samba
tests the values for these attributes - like they are not implemented. I
am not a coder so I got a second opinion from someone who is.
Thanks,
Eric Roseme
Hewlett-Packard
System stuff:
HP-UX 11.11 and HP-UX 11.23
Samba 3.0.22 and Samba Opensource 3.0.25b
Red Hat Directory Server 7.1
smb.conf
[global]
workgroup = SAMBAATC
netbios name = SAMBAPDC
server string = Samba Server
interfaces = xx.xx.xx.xxx, 127.0.0.1
bind interfaces only = yes
encrypt passwords = Yes
passdb backend = ldapsam:ldap://SAMBAPDC.rose.hp.com
log level = 10
syslog = 0
log file = /var/opt/samba/log.%m
max log size = 1000
domain logons = Yes
preferred master = Yes
domain master = Yes
ldap server = SAMBAPDC.rose.hp.com
ldap suffix = dc=rose,dc=hp,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=People
ldap admin dn = cn=Directory Manager
read only = No
short preserve case = No
dos filetime resolution = Yes