-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just migrated our samba box to use ldapsam, and now I have a few questions: 1)I would like to now get users passwords into unix hashes in the LDAP server. Password changes seem to be working correctly, adding unix password hashes to the LDAP server (via pam password change = yes and using pam_ldap). However, I would like to try and get passwords migrated ~ soon (so that we can use ldap authentication for services that don't use pam, where we can use pam_smb). So, is it possible to expire passwords using LDAP? It looks like the ldap attribute pwdMustChange is intended for this use (and pwdCanChange to allow/prohibit password changes), but are they working? And if so, how does one use them? 2)Does password changing by referrals work? The point of this excercise is to get our remote site authenticating to the same password database, it would be convenient if we didn't have to tell users to select the head office DC for changing passwords ... especially if password expiry works. As always, thanks to the samba team for great software. Regards, Buchan - -- |----------------Registered Linux User #182071-----------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 8828820x202 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE9K/XQrJK6UGDSBKcRAi3sAKChXpuMq56saIRonoDKsQbRH7+FXgCfQDdB eg2Iz0hxZp/Rvqyyc4Mi/l4=Xduj -----END PGP SIGNATURE-----