BOURIAUD
2009-Feb-17 10:32 UTC
[Samba] Howto force all users of a samba domain controller to change their password ?
Hi ! I'still running a samba domain controller on a rhel 5 machine, so it is version samba-3.0.33-3.7.el5. Users and accounts are still stored in a ldap database and everything works fine. Now that my setup is complete, I'd like to - force every user of the domain to change their password the next time they open a session on their workstation - be sure that the password is complex enough - have it that they don't put the same password as the old one. I've read many a thing about those topics, and tryed many things, but so far I haven't found anything very usefull. Somewhere I've read that there were modifications to be done using pdbedit so as to set the next time the password must be changed. I've tryed on my account, it doesn't work as I expected it to do : the password is valid for the time passed as an argument, and that's not what I want. Next, I've read about a cracklib-checker that can be called via the smb.conf file, but I don't have this cracklib-checker installed on my system, and I don't really know where to find it. Thanks in advance for any help provided. P.S. I've searched the docs on samba.org, but I haven't found anything relevant, and searching the web with "samba force user change password" gives many results that don't cover what I'm searching for.
BOURIAUD
2009-Mar-11 12:31 UTC
[Samba] Howto force all users of a samba domain controller to change their password ?
On Tuesday 17 February 2009 11:33:19 BOURIAUD wrote:> Hi ! > I'still running a samba domain controller on a rhel 5 machine, so it is > version samba-3.0.33-3.7.el5. Users and accounts are still stored in a ldap > database and everything works fine. > Now that my setup is complete, I'd like to > - force every user of the domain to change their password the next time > they open a session on their workstation > - be sure that the password is complex enough > - have it that they don't put the same password as the old one. > I've read many a thing about those topics, and tryed many things, but so > far I haven't found anything very usefull. > Somewhere I've read that there were modifications to be done using pdbedit > so as to set the next time the password must be changed. I've tryed on my > account, it doesn't work as I expected it to do : the password is valid for > the time passed as an argument, and that's not what I want. > Next, I've read about a cracklib-checker that can be called via the > smb.conf file, but I don't have this cracklib-checker installed on my > system, and I don't really know where to find it. > Thanks in advance for any help provided. > > > P.S. I've searched the docs on samba.org, but I haven't found anything > relevant, and searching the web with "samba force user change password" > gives many results that don't cover what I'm searching for.Since I got no answer, does it means that there is no possibility to force all users to change their password the next time they will connect to the domain ?
Miguel Medalha
2009-Mar-11 13:14 UTC
[Samba] Howto force all users of a samba domain controller to change their password ?
> Since I got no answer, does it means that there is no possibility to force all > users to change their password the next time they will connect to the domain ? >It is possible, at least with LDAP. Now, I need to find a way to explain how. I am in a hurry now. I will try to come back with some answer. Meanwhile, get Windows NT4 "User Manager" (it comes with "Server Tools") and look at what it offers you. http://download.microsoft.com/download/winntwks40/utility/7/nt4/en-us/srvtools.exe
Miguel Medalha
2009-Mar-11 13:56 UTC
[Samba] Howto force all users of a samba domain controller to change their password ?
Ldap Account Manager (LAM) is a web interface to LDAP. With it, you can define Minimum password length, Minimum lowercase characters, Minimum uppercase characters, Minimum numeric characters, Minimum symbolic characters, Minimum character classes, etc. http://lam.sourceforge.net/
John Drescher
2009-Mar-11 14:27 UTC
[Samba] Howto force all users of a samba domain controller to change their password ?
> Ldap Account Manager (LAM) is a web interface to LDAP. > > With it, you can define Minimum password length, Minimum lowercase > characters, Minimum uppercase characters, Minimum numeric characters, > Minimum symbolic characters, Minimum character classes, etc. > > http://lam.sourceforge.net/ >I use that all the time to manage my samba / linux domain and I recommend it. John