Philippe LeCavalier
2021-Jul-18 20:44 UTC
[Samba] Password policy for user-managed passwords
On Sun, Jul 18, 2021, 10:21 Rowland Penny via samba <samba at lists.samba.org> wrote:> On Sun, 2021-07-18 at 09:56 -0400, Philippe LeCavalier wrote: > > > > > > > > You can force a user to change their password by resetting it with: > > > > > > samba-tool user setpassword User1 --newpassword=passw0rd --must- > > > change- > > > at-next-login > > > This implies I have to set a password that I would provide to them > > > before they can set a new one if I'm reading that correctly? How > > > would I apply that domain wide? > > I would only do this for individual users or new users.[snip]. > > > > I'm still uncertain how I transition smoothly. If I set the > > > password to expire after 1 day will they be prompted to change it > > > or will their account be disabled per the wording for that option? > > The 'prompting' is down to the display manager, it should prompt the > user to change their password, it should prompt well before the > password expires, so I wouldn't use 1 day.Is there a setting to control the amount of time prior to expiration a user> will get notified.Phil>
On Sun, 2021-07-18 at 16:44 -0400, Philippe LeCavalier wrote:> > > Is there a setting to control the amount of time prior to > > expiration a user will get notified. >There may be, but it isn't a Samba or AD one. As I said this is down to the display manager, so you need to check your display managers documentation. Failing that, you could write your own script to check for expiry and email/notify the user. Rowland
Hi, On 18/07/2021 22:44, Philippe LeCavalier via samba wrote:> > Is there a setting to control the amount of time prior to expiration a user > will get notified.We are using LAM pro (https://www.ldap-account-manager.org/) and one of it's configurable cronjobs does exactly that. MJ