tor, 14.04.2005 kl. 15.03 skrev boka: > I use samba (3.0.7) with ldap backend. > > I have installed above system some time ago. During our migration from > netware to samba i had to disable period password change and do not > remeber what i have "clicked" :-/ > > What parameters should be "on" to enable this functionality ?
Things that you can't find in 'man smb.conf' or the SWAT help (the same) usually aren't available. Sometimes they are, but undocumented. In this case, this is policy and a Windows thing. As far as XP goes, one uses mmc to change policy. This has a snap-in facility to enable what you're looking for. HOWEVER. As the Samba doco says, you can't normally use mmc to construct policies. HOWEVER. A German firm has produced the Nitrobit Group Policy Editor which, for a fee (license per workstation, for schools at least, is dead cheap) makes it possible to edit the *GROUP* snapin module, store it on netlogon and read it in (and execute it) during logon. HOWEVER, the password stuff is not in the group module, it's in the Security Templates module, so Nitrobit ignores it. So that's a dead loss. Now, big breath (as the doctor said; answer: "yeth, and I'm only thixthteen"): The ldapsam backend provides the following attributes, which should be there in tdbsam too: sambaPasswordHistory sambaPwdCanChange sambaPwdMustChange sambaPwdLastSet It doesn't have any other means of storing extended (Windows) password parameters (min. length, complexity etc.). As far as LDAP goes, it gives the possibility od adding attributes in the passwordPolicy objectclass from ns-pwd-policy.schema. But similar would have to be added to other backends (tdbsam, MySQL, whatever). How does one set the attributes that are already available in the ldapsam backend? --Tonni -- Nothing sucksseeds like a pigeon without a beak ... mail: [EMAIL PROTECTED] http://www.billy.demon.nl They love us, don't they, They feed us, won't they ... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
