On Tuesday, December 3, 2002, at 01:46 PM, <[EMAIL PROTECTED]> wrote:
1) Does Samba now fully support password expiration? (I can get it to popSamba does not directly support password expiration (at this time anyway). It indirectly can support it via PAM on Linux, Solaris or other PAM enabled systems. In these cases, by setting 'obey pam restrictions = yes' in your smb.conf file, you can have Samba obey any expiration settings on the user accounts, which you have setup in the Unix password database.
up a message on the windows client that the password is about to expire, but
it keeps letting me log on)
That said, my experience in implementing this for a large site recently is that you will NOT get any sort of password expiration dialog at the Windows clients. What happens is that you either can login, or you cannot. Once the password has expired, you can no longer logon to the domain or the Samba server. No explanation is given - it is as if you keyed in a bad password.
I think I addressed this already - Samba is not what displays this dialog on the Windows client.2) How do I get it to change password from the "password is expiring" dialog? (I can change the password from the "change password" button in windows, but when I say I want to change it from the "password about to expire" message, I aways get "can't change password because domain is unavailable"
The solution I ultimately implemented in order to meet a new 60-day password expiration policy was to implement a web page which is invoked by the Windows logon script if the user is within the 'warning' period configured in the Unix password database. 7 days for example. During that period, a web page will be invoked by the logon script, telling the user their password is about to expire in x days, and giving them a link to a URL on the Samba server itself, where they can change their password.
I guess maybe I could put something together like a HOWTO on this topic if it sounds useful to others. It took a few days to peice together a solution....
--
Jim Morris ([EMAIL PROTECTED])
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
