Hello, We currently have Samba 3 and IPA running together. There are issues with IPA and Samba understanding the password policy IPA has for a given user. Currently we are attempting to match a policy in Samba using pdbedit -P pdbedit -P "min password length" -C 8 pdbedit -P "bad lockout attempt" -C 6 pdbedit -P "lockout duration" -C 60 pdbedit -P "password history" -C 10 **not working pdbedit -P "reset count minutes" -C 1 pdbedit -P "maximum password age" -C 90 pdbedit -P "minimum password age" -C 1 Here is our IPA policy: Max lifetime (days): 90 Min lifetime (hours): 1 History size (number of passwords): 10 Character classes: 3 Min length: 8 Max failures: 6 Failure reset interval (seconds): 60 Lockout duration (seconds): 600 There are certain admin users however that shouldn't have their password expire every 90 days. I'm assuming if I set the above pdbedit commands then ALL users who login to Windows will have to change their password after 90 days. That's what I want but certain admin users should not. Is there a way to exclude users from a password policy in Samba? Thanks