Jan Stavel
2006-Mar-28 16:17 UTC
[Samba] Can samba ensure that a user did not enter the previous password when password expired?
Hello, I have working PDC with ldap samba 3.0.21c-1 I try to force users change their password by setting password expiration. It works - the samba asks a user to change his password. But user can set value of the password to the previos one and system accepts it - at the end no change was made :-) Can samba check whether user really changed value of his password? I tried to change password format from SSHA to SHA (it can be checked) but no result. Thanks for advice, Jan Stavel
Matt Ingram
2006-Mar-28 16:59 UTC
[Samba] Can samba ensure that a user did not enter the previous password when password expired?
you need to setup some password policies.. I was just playing with this a couple days ago.. seems to work very nicely :) It stores all the information in the LDAP Entry for the Domain (sambaDomainName=yourdomain) anyway.. here's the link I learnt from: http://searchopensource.techtarget.com/tip/1,289483,sid39_gci1152805,00.html?bucket=ETA specifically, you need to set the "password history" setting. I don't think you can just modify the entries in ldap.. I think you have to use pdbedit, as stated on the document.. good luck :) Jan Stavel wrote:> Hello, > I have working PDC with ldap > > samba 3.0.21c-1 > > I try to force users change their password by setting password > expiration. It works - the samba asks a user to change his password. > > But user can set value of the password to the previos one and system > accepts it - at the end no change was made :-) > > Can samba check whether user really changed value of his password? > > I tried to change password format from SSHA to SHA (it can be checked) > but no > result. > > Thanks for advice, > Jan Stavel >-- Matt Ingram Intermediate Unix Administrator, IS Canadian Bank Note Company, Limited \m/