Hi all, I have a Samba PDC setup and i was wondering if anyone knows how i can force the users to change passwords ever x days. My network consists of windows type machines as was as linux based machines. Any help would greatly be apprecitated.
On Sat, 2004-07-24 at 16:47, Rashaad S. Hyndman wrote:> Hi all, > > I have a Samba PDC setup and i was wondering if anyone knows how i can > force the users to change passwords ever x days. My network consists of > windows type machines as was as linux based machines. > > Any help would greatly be apprecitated.---- man pdbedit Craig
Hi everyone... Since I'm running samba I haven't been able to implement pdbedit policies like password expiration time, lockout attempts, etc... I'm running samba-3.0.5 in RedHat enterprise 3 I read pdbedit manual I also tried to force users to change their password at first logon running this command: pdbedit -P "user must logon to change password" -C 1 I set the account to last a week for testing purposes only and the minimum password age for 3 days. This is the account information for a user. [root@xxxxxxxx xxxxxxxx]# pdbedit -c "[L]" -u xxxxxx Unix username: xxxxxx NT username: Account Flags: [U ] User SID: S-1-5-21-4146764868-xxxxxxxxx-xxxxxxxxxx-2002 Primary Group SID: S-1-5-21-4146764868-xxxxxxxxx-xxxxxxxxxx-512 Full Name: Antonio Prado Home Directory: \\xxxxxxxx\aprado HomeDir Drive: Logon Script: aprado.bat Profile Path: Domain: CASINO Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: lun, 18 ene 2038 23:14:07 GMT Kickoff time: lun, 18 ene 2038 23:14:07 GMT Password last set: dom, 11 jul 2004 13:21:16 GMT Password can change: dom, 11 jul 2004 13:21:16 GMT Password must change: lun, 18 ene 2038 23:14:07 GMT Last bad password : 0 Bad password count : 0 Thanks in advanced, Rafael Paris Gerente de Sistemas Casino e-mail: rparis@hotelmaruma.com pagina web/page: www.hotelmaruma.com Telefono/Phone: 0058 261 730 27 70 Fax: 0058 261 730 28 10
On Mon, 2004-07-26 at 20:19, Rafael Paris wrote:> I changed that back to 0 but the problem persists... > Is there a patch available for this problem?I work with LDAP, I'm not quite sure what you can do via pdbedit. In any case, the way to flag 'must change at next login' is to set the 'must change time' to 0. You must use either ldapsam or tdbsam. There is no bug here - it works at my site quite happily. Andrew Bartlett -- Andrew Bartlett abartlet@samba.org Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20040726/c64f8257/attachment.bin