samba - Jan 2004 - Hows samba calculating sambaPwdMustChange?

When samba password has been expired, user are force to change their password
from client WS.
Samba will modify sambaPwdMustChange attribute and the value seems always
"2147483647", this not happen when changin password with smbpasswd.
>From where samba calculate value for "sambaPwdMustChange"? is it
constant?
Is it possible to specify different value?

Tks.

Hi,

In latest samba 3 there is a policy setting option:

$ pdbedit -P "maximum password age" -C 7776000

When user changes password, then new sambaPwdMustChange will be calculated
based on policy. My policy is 90 days. works just fine.
2147483647 is just a value in far future (year 2030 or something), meaning
that user doesn't have to change his password.


Another way is to set value in smbldap-tools (latest version needed
(included in samba 3.0.1 package).
smbldap_conf.pm

# Default password validation time (time in days) Comment the next line if
# you don't want password to be enable for $_defaultMaxPasswordAge days (be
# careful to the sambaPwdMustChange attribute's value)
$_defaultMaxPasswordAge = 90;
When using 'smbldap-passwd.pl username' password will be changed and
needed
sambaPwdMustChange will be set.

Third way is to change value manually in LDAP base with ldap-modify.

Regards,

 Rauno
> -----Original Message-----
> From: Beast [mailto:indorama@rad.net.id]
> 
> When samba password has been expired, user are force to 
> change their password from client WS. 
> Samba will modify sambaPwdMustChange attribute and the value 
> seems always "2147483647", this not happen when changin 
> password with smbpasswd.
> 
> >From where samba calculate value for "sambaPwdMustChange"? 
> is it constant?
> Is it possible to specify different value?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 8 Jan 2004, Beast wrote:
> When samba password has been expired, user are force to change their
> password from client WS.  Samba will modify sambaPwdMustChange attribute
> and the value seems always "2147483647", 
That is NT's version of infinity time.

> 
> >From where samba calculate value for "sambaPwdMustChange"? is
it
> >constant?
> Is it possible to specify different value?
See pdbedit for specifying the password expiration time
(in seconds).




cheers, jerry
 ----------------------------------------------------------------------
 Hewlett-Packard            ------------------------- http://www.hp.com
 SAMBA Team                 ---------------------- http://www.samba.org
 GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
 "If we're adding to the noise, turn off this song" --Switchfoot
(2003)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD8DBQE//YfNIR7qMdg1EfYRAvUfAKCrVUHwmMQRElwYTdcbo+Sq7tr66ACbBg3v
mfNrpD76wd2zVdzHXi6iLfQ=HBFe
-----END PGP SIGNATURE-----