On Wed, 2003-10-01 at 00:58, Damian Gerow wrote:> I've just found out that Samba (rather correctly) implements a nice and
low
> password expiry date through the tdbsam backend, and I believe the
"maximum
> password age" value.
>
> However, I can't, for the life of me, actually /set/ this thing.
I've tried
> this:
>
> # pdbedit -u <username> -r -P "maximum password age" -C
100
If you got the syntax right, this would set the maximum password age
'policy' to 100 seconds. There is no way to set the 'expiry
time' for
a particular password.
> We're running Samba 3.0b3, if that makes a difference.
It does - if you upgrade to 3.0.0 release, and delete the
account_policy.tdb, you will get no password expiry by default. Then
you can reset the policy to whatever you like (hint: pdbedit -P "maximum
password age -C 1000000 ), and then change all the password that are now
expiring.
For the timebeing, the ldapsam backend remains the best for allowing
arbitary control of these details.
Andrew Bartlett
--
Andrew Bartlett abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet@samba.org
Student Network Administrator, Hawker College abartlet@hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.samba.org/archive/samba/attachments/20031001/89569aa5/attachment.bin