On Fri, Jul 1, 2011 at 7:57 PM, Chris Beach <chr...@pintys.com> wrote: > > [root@success]# pdbedit -P "maximum password age" > > account policy value for maximum password age is 90 > > At one time I used pdbedit to force a password change and that stopped > working. Apparently it was deprecated in favor of "net sam set > pwdmustchangenow".
"net sam set pwdmustchangenow" was first introduced at Samba 3.0.25. From: Chris Beach <chr...@pintys.com> Date: Fri, 1 Jul 2011 19:57:26 -0400 > I've got a file server (named success) running Samba version > 3.0.10-1.4E. I've also got another file server (named happiness) > running Samba version 3.3.15 and LDAP. > I've got success pointed to happiness for LDAP in the smb.conf, and > running a "pdbedit -v user" works, it shows the proper > information...except for the password must expire, it seemingly > ignores the policy that is set on success, ... > [root@success]# pdbedit -P "maximum password age" > account policy value for maximum password age is 90 The account policies in which "maximum password age" is included were always stored at local account_policy.tdb before Samba 3.0.21. After Samba 3.0.21, these are stored at LDAP when LDAP is used as passdb. That's the problem, I think. --- TAKAHASHI Motonobu <mo...@samba.gr.jp> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba