samba - Jul 2011 - pdbedit "password must change" not following policy

Hey everyone,

I've got a file server (named success) running Samba version 3.0.10-1.4E.
I've also got another file server (named happiness) running Samba version
3.3.15 and LDAP.

I've got success pointed to happiness for LDAP in the smb.conf, and running
a "pdbedit -v user" works, it shows the proper information...except
for the
password must expire, it seemingly ignores the policy that is set on
success, for example:

[root at success]# pdbedit -P "maximum password age"
account policy value for maximum password age is 90

yet..:

[root at success]# pdbedit -v "user"
Password last set:    Tue, 31 May 2011 12:54:11 GMT
Password can change:  Tue, 07 Dec 2010 09:05:25 GMT
*Password must change: Mon, 07 Mar 2011 09:05:25 GMT*
Last bad password   : 0
Bad password count  : 0

should the Password must change not be 90 days after the Password last set?
If I do the same command on happiness (the one that runs ldap as well) it
outputs as expected.

I've been stuck at this forever, am I missing something VERY obvious?

Thanks for any help!

On Fri, Jul 1, 2011 at 7:57 PM, Chris Beach <chrisb at pintys.com>
wrote:
> [root at success]# pdbedit -P "maximum password age"
> account policy value for maximum password age is 90
At one time I used pdbedit to force a password change and that stopped
working. Apparently it was deprecated in favor of "net sam set
pwdmustchangenow". I'm guessing the same thing happened to maximum
password age. Try using "net sam policy set maximum password age"
instead.

Chris