Plant, Dean
2006-Aug-18 11:37 UTC
[Samba] Password expiry for samba & posix accounts in LDAP
Can someone install some confidence in me that the way I am dealing with syncing password expiry dates between Samba and Posix accounts in LDAP is correct. The question has come up on the list a couple of times but the answer, using "unix password sync = Yes" and changing the ShadowLastChange LDAP attribute via an external script seems rather clunky. Is this really the correct way to do it, when only allowing changing of passwords via Windoze? or am I missing something obvious that enables this to be done within the Samba/OpenLDAP configuration. Thanks Dean.
Jamrock
2006-Aug-19 00:04 UTC
[Samba] Re: Password expiry for samba & posix accounts in LDAP
"Plant, Dean" <dean.plant@roke.co.uk> wrote in message news:2181C5F19DD0254692452BFF3EAF1D6802671911@rsys005a.comm.ad.roke.co.uk... Can someone install some confidence in me that the way I am dealing with syncing password expiry dates between Samba and Posix accounts in LDAP is correct. The question has come up on the list a couple of times but the answer, using "unix password sync = Yes" and changing the ShadowLastChange LDAP attribute via an external script seems rather clunky. Is this really the correct way to do it, when only allowing changing of passwords via Windoze? or am I missing something obvious that enables this to be done within the Samba/OpenLDAP configuration. Thanks Dean. We have used a single Openldap directory to authenticate Samba, qmail and Jabber. We add the line ldap passwd sync = yes to our smb.conf file. When the users change their Windows passwords from a Windows workstation, the Samba and ldap passwords are both changed.