Hello all,
I have a test system with CentOS 6.2 running samba 3.5.10_125.el6 and
OpenLDAP 2.4.23_20.el6. Password expiration is set as sambaMaxPwdAge:
5184000 and password aging works with a Windows 7 client. On a
production system, I've got samba 3.5.10_115.el6_2 and openldap
2.4.23_20.el6 running on RHEL6.2. I have set sambaMaxPwdAge to 5184000
and it does not work consistently with clients.
To illustrate, on the production system as an account's password
expiration was approaching some Windows 7 and 2008 clients would report
that it was due to expire soon and would I like to change it now. Since
it was odd that only some would display the message, I let it go to see
what would happen when the password expired. The time and date came and
went, still able to log in. Until, that is, I added a new samba client
(domain member server, added to the domain after the test account's
password had expired) and got the password expired message when
attempting to connect with smbclient. Older clients still allowed me to
log in with an aged password.
The test system displayed the message as soon as I made the change in
LDAP and then tried to sign in to a client. If the password had
expired, I was prompted to change it on log in. I didn't see anything
in the release notes to indicate a difference in the two samba packages,
but of course there could be one. If someone could point me in the
right direction, I would appreciate it.
Take care,
Matt
