On Wednesday 08 August 2007 20:17, Matt Anderson wrote: > Dear Help, > > I'm currently running Samba with an LDAP passdb backend. I'm trying to > figure out how to NOT allow a particular user to change their password > (through Windows, or any interface). I've tried modifying the values for > sambaPwdCanChange and sambaPwdMustChange for a particular user, but it > seems like it only effects making them change their password, instead of > whether or not they're ALLOWED to. With OpenLDAP one can use ldap passwd sync = only in smb.conf and let the smbk5pwd overlay synchronize the LM and NT passwords.
If you add the ppolicy overlay you have a clean way to prevent password changes for some acounts (through Windows, or any interface). For instance one can use a pwdPolicy with pwdAllowUserChange: FALSE The only problem is that a Windows client reports a successful password change even though the password was not changed because of the above pwdPolicy. Regards, Thierry. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba