Hello! I want to be able to force my users to change passwords every so often. Does samba honor any shadow settings like this? If so, mind pointing me in the right direction or giving me any advice. I will ultimately want to get this information out of ldap which the pam module should take care of (hopefully). Thank you! -- Terry Davis Systems Administrator BirdDog Solutions, Inc. (402) 829-6059
mmmm, just read the stuff on samba-2.2.3, perhaps i should read up on the new ldap things. tdavis@birddog.com wrote:> Hello! > > I want to be able to force my users to change passwords every so often. > Does samba honor any shadow settings like this? If so, mind pointing > me in the right direction or giving me any advice. I will ultimately > want to get this information out of ldap which the pam module should > take care of (hopefully). > > Thank you! >-- Terry Davis Systems Administrator BirdDog Solutions, Inc. (402) 829-6059
tdavis@birddog.com wrote:> > Hello! > > I want to be able to force my users to change passwords every so often. > Does samba honor any shadow settings like this? If so, mind > pointing me in the right direction or giving me any advice. I will > ultimately want to get this information out of ldap which the pam module > should take care of (hopefully).Set Samba to 'obey pam restrictions = yes' and setup the /etc/pam.d/samba file. Then Samba will (even for encrypted logins) check with the 'account' module listed. Unfortunetly even with things like LDAP SAM backend, samba only honers this via PAM. Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net samba.org build.samba.org hawkerc.net
>tdavis@birddog.com wrote:>> >> Hello! >> >> I want to be able to force my users to change passwords every so often. >> Does samba honor any shadow settings like this? If so, mind >> pointing me in the right direction or giving me any advice. I will >> ultimately want to get this information out of ldap which the pam module >> should take care of (hopefully). >Set Samba to 'obey pam restrictions = yes' and setup the /etc/pam.d/samba file. >Then Samba will (even for encrypted logins) check with the 'account' module listed. >Unfortunetly even with things like LDAP SAM backend, samba only honers this via PAM. >Andrew Bartlett >-- >Andrew Bartlett abartlet@pcug.org.au >Manager, Authentication Subsystems, Samba Team abartlet@samba.org >Student Network Administrator, Hawker College abartlet@hawkerc.net >samba.org build.samba.org hawkerc.net Well, does the windows client get any notification of this via samba? This would be neat. -- Terry Davis Systems Administrator BirdDog Solutions, Inc. (402) 829-6059
Anyone have any help for this? Thank you!! >tdavis@birddog.com wrote: >> >> Hello! >> >> I want to be able to force my users to change passwords every so often. >> Does samba honor any shadow settings like this? If so, mind >> pointing me in the right direction or giving me any advice. I will >> ultimately want to get this information out of ldap which the pam module >> should take care of (hopefully). >Set Samba to 'obey pam restrictions = yes' and setup the /etc/pam.d/samba file. >Then Samba will (even for encrypted logins) check with the 'account' module listed. >Unfortunetly even with things like LDAP SAM backend, samba only honers this via PAM. >Andrew Bartlett >-- >Andrew Bartlett abartlet@pcug.org.au >Manager, Authentication Subsystems, Samba Team abartlet@samba.org >Student Network Administrator, Hawker College abartlet@hawkerc.net >samba.org build.samba.org hawkerc.net Well, does the windows client get any notification of this via samba? This would be neat. -- Terry Davis Systems Administrator BirdDog Solutions, Inc. (402) 829-6059
tdavis@birddog.com wrote:> > >tdavis@birddog.com wrote: > >> > >> Hello! > >> > >> I want to be able to force my users to change passwords every so often. > >> Does samba honor any shadow settings like this?> Well, does the windows client get any notification of this via samba? > This would be neat.For NT/Win2k domain logons, yes. Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net samba.org build.samba.org hawkerc.net