Hello,

> so, i am seeking the solution making the password expiry feature
> avaiable in my pdc. FYI, i am using FC2, samba 3.0.3-5. thanks.

the password expires in Unix and Samba.

Samba does all changes for itself. You can set password-age to 60 days by typing:

#> pdbedit -P "maximum password age" -C 5007600

For Linux you have to change "shadowlastchange" in LDAP. I wrote a script for this:

smb.conf:
#---------------------------------------------------------
unix password sync = yes
passwd program = /etc/samba/scripts/ldap_userPassword_change %u
passwd chat = *New*password* %n\n *new*password* %n\n *Success*
#---------------------------------------------------------

/etc/samba/scripts/ldap_userPassword_change:
#---------------------------------------------------------
#!/bin/sh

LDAP_SERVER="ldapserver"
LDAP_USER="uid=userPassChange,o=mydomain,c=com"
LDAP_PASS="secret"
LDAP_PASSWD="/usr/bin/ldappasswd"
LDAP_MODIFY="/usr/bin/ldapmodify"

#DN of User
USER_DN="uid=$1,ou=users,o=mydomain,c=com"

#Get Date
TS=`date +%s`
SLC="$(($TS/24/3600))"

#-> MODIFY userPassword
$LDAP_PASSWD -x -h $LDAP_SERVER -D $LDAP_USER -w $LDAP_PASS -S $USER_DN

#-> MODIFY shadowlastchange
if [ $? -eq 0 ]; then
echo "dn: $USER_DN
changetype: modify
replace: shadowLastChange
shadowLastChange: $SLC" | $LDAP_MODIFY -x -h $LDAP_SERVER -D $LDAP_USER -w $LDAP_PASS >/dev/null 2>&1
fi

exit
#---------------------------------------------------------

kind regards
Matthias


Hiu Yen Onn schrieb:
Hi,

i have configured a Samba PDC based on idealx.org.
now, whenever i set the sambaMustChangePassword flag to 0, then
from the subsequent logon, there is a popup urge me for changing password.
now, the problem is after i have changed the password, the sambaMustChangePassword is set to 2147483647(unix timestamp), which if i converted it into human readable format, it will be 2038 year, bla..bla..and bla second. it is really unbelieveable that my password will be lasted until year 2038 year??? i have looked thoroughly on the internet resources, some mentioning about on defaultMaxPasswordAge flag. I think i have set it to 55 (actually, i dunno whether what is the quantity representing, day?? time??). but, i have no point to make it works.

so, i am seeking the solution making the password expiry feature avaiable in my pdc. FYI, i am using FC2, samba 3.0.3-5. thanks.

Cheers,
yenonn
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Reply via email to