similar to: Forcing Password Changes

I have been working to get pdbedit to expire passwords. I have seen several bugs related to pdbedit (bugzilla bug 4630 for example) on 3.0.25 so I upgraded to 3.0.25a, the latest Samba version as of this writing. What I am trying to do is set a particular user's password to expire on a certain date. If that can't be done, the ability to set it to expire "now" would be my

Hi, Samba-3 with LDAP backend is capable in this. I'm using it and it works. All you have to do, is to use LDAP and set proper account policies: $ pdbedit -P "bad lockout attempt" -C 5 (after 5 wrong password, user account will be locked out - samba sets password hashes to ***NOPASSWORD*** and user is unable to logon). $ pdbedit -P "min password length" -C 9 # password

Hi all Maybe a stupid question, but I'm not able to figure this out from the manpage nor from the HOWTOs... How can I force a user to change his password at next logon? I tried: # pdbedit -P "user must logon to change password" -C 0 -u username # pdbedit -u username -P "user must logon to change password" -C 0 # pdbedit -P "user must logon to change password"

Hello, I'm using samba 3.2.41 at Debian Lenny. I have some users in my smbpasswd file, now I'm trying to force them to change password once a given period. #pdbedit -P "maximum password age" -C 300 Above-mentioned command is affecting ONLY "new" users (users created after first first launch of this command), "old" users are not affected, passwords

Hello Group, I've been reading many posts but i still don't have the answer to how to force a password change or set a password lifetime. I'm using w2k clients which connect to a samba PDC version 3.0.10 on a basic SunOS 5.8 system, no ldap or so. syncing the ux-passwords and the smb-passwords works perfect, but i can't get it working to force users to change passwords. The

Hello! Own Samba 4.4 as ADDC with this cnfiguração passwords: root @ Upsilon: ~ # samba-domain tool PasswordSettings show Password informations for domain 'DC = XXXXXXXX " Password complexity: on Store plaintext passwords: off Password history length: 24 Minimum password length: 7 Minimum password age (days): 1 Maximum password age (days): 400 Account lockout duration (mins): 30

Hi there, Here are the facts: - I have samba 3.4.2-0.42.fc11 running on a Fedora 11 system. - Samba is acting as a domain controller, no Windows server involved. - I am using tdbsam. - I need to enforce certain password requirements. The password requirements are: - min 8 characters - expiration 90 days - last 10 passwords may not be reused - not a dictionary word Per the Samba 3.2 FAQ, the

Hi All Have recently moved from a machine running 2.2 to a new machine running 3.0.10-1. I've just converted the smbpasswd database to tdbsam as I understand password ageing etc does not work with smbpasswd. I've set the line 'passdb backend = tdbsam' in the smb.conf, restarted the daemon and now I'm trying to force a user account to have to change his password the next time

In my current ''production'' NT-like domain (samba 4.2, OpenLDAP backend), password policies seems to ''get written'' to user data. EG, if i set: pdbedit -P "maximum password age" -C 7776000 and i change my password, 'Password must change' have a meningful value, eg 90 days more then the last password change: root at armitage:~# pdbedit -v

I've just found out that Samba (rather correctly) implements a nice and low password expiry date through the tdbsam backend, and I believe the "maximum password age" value. However, I can't, for the life of me, actually /set/ this thing. I've tried this: # pdbedit -u <username> -r -P "maximum password age" -C 100 And without the -r, and with various

Hello, I?m currently having a problem where a non-root user can?t change his/her own password using smbpasswd command after the password expiration and would like to know how I could solve this problem. Currently, I have a samba server running on CentOS 6.5 with its passdb backend configured to another LDAP server. The samba version I?m currently using is samba-3.6.9-169 which should be the

Hey everyone, I've got a file server (named success) running Samba version 3.0.10-1.4E. I've also got another file server (named happiness) running Samba version 3.3.15 and LDAP. I've got success pointed to happiness for LDAP in the smb.conf, and running a "pdbedit -v user" works, it shows the proper information...except for the password must expire, it seemingly ignores

Hi guys/girls, How are you ? I've been struggling to get my users' passwords to expire. My configuration is samba-3.0 running with the standard smbpasswd back-end. Everything that I can find on the web says I should set the following to expire my users passwords after 28 days.: pdbedit -v -P 'minimum password age' -C 300 pdbedit -v -P 'maximum password age' -C 2419200

Hello List I am working on upgrading a older Samba 3.0.16 setup that uses openldap as its back-end for passwords and users. I built a clone of our setup using CentOS 5.6 and Openldap 2.4.20 , with Samba 3.6.1 . My issue. After successfully building and install Samba users can not authenticate to the server. They are prompted with errors about Needing to change their password. Looking at my

Hello, I'm using samba 3.0.24 and Debian 4.0. As a password backend I use smbpasswd. I set password policy: Length - 8 signs, Password history - 3, password complexity - script, maximum password age - 30 days The "password length" and complexity works, but "password history" and "maximum password age" doesn't. I tried do the same on test machine

On Mon, 23 Oct 2017 16:52:05 +0200 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > > Sorry, i came back on this, but: > > > In another, more generic, way: how password policies are enforced? > > still i need an answer on this question. > > > I've done some tests, using my account, that pdbedit say: > > root at vdcsv1:~# LANG=C

Hello After spending quite a few hours building a completely new domain with samba as a pdc for a local school I now have everything working(shares, printers, multiuser addscripts, etc). The only problem I have is that it is impossible to force user to change password on next logon from pdbedit. It is possible to set this trough usrmgr.exe but its not really convenient when adding multiple users

Hi ! This is my firs post here. I've got a problem with password history policy -C 3 which doesn't work !! I set policy pdbedit -P "maximum password age" -C 777600 (90days) pdbedit -P "minimum password age" -C 691200 (80days) "user must logon to change password" -C 2 "password history" -C 3 On clients (XP PRO) some of people

I'm setting up a Samba server using CentOS 4's (RedHat Enterprise Linux) standard version (v.3.0101411). I want to be able to force users to change their password upon first logging in and to have to change them after a certain period of time (per user, not system-wide). The problem is that the pdbedit commands don't seem to be registering at all in the database. If I enter the

Greetings, I am running samba-3.0.10-1.4E.9 installed from rpm on CentOS 4.4. I have it configured as a PDC. It is using the /passdb backend = tdbsam/ backend. I am using /pdbedit/ to make some configuration changes to user passwords. I would like to expire a users password, so that they are required to change it the next time they log in. From all that I have read in on-line resources