We have a Zentyal (formerly eBox) Linux Small Business Server running as our office file/print server. It runs smoothly and hardly needs any maintenance, except for one issue: every few weeks I hear complaints from staff that they can't log on to the file server.
A quick peek at the Samba server logs reveals 'password expired', so there is a password aging setting in force here.
[2010/12/05 17:33:45, 1] auth/auth_sam.c:sam_account_ok(179) sam_account_ok: Account for user 'tom' password expired!.
[2010/12/05 17:33:45, 1] auth/auth_sam.c:sam_account_ok(180) sam_account_ok: Password expired at 'Sat, 04 Dec 2010 15:20:57 SST' (1291515657) unix time.
Let's remedy that using the Samba pdbedit tool. We are going to reset the 'Password must change' policy for all the users on the server.
Zentyal uses LDAP to manage the passwords, so we use the '-b' option to point to the LDAP backend, and we change the default policy so that passwords never expire.
pdbedit -b ldapsam:ldapi://%2fvar%2frun%2fslapd%2fldapi -P 'maximum password age' -C -1
account policy "maximum password age" description: Maximum password age, in seconds (default: -1 => never expire passwords)
account policy "maximum password age" value was: 0
account policy "maximum password age" value is now: 4294967295
# Defaults Before reset
Unix username: tom
NT username: tom
Account Flags: [U ]
User SID: S-1-5-21-3818554400-921237426-3143208535-5056
Primary Group SID: S-1-5-21-3818554400-921237426-3143208535-513
Full Name: Tom Thumb
Home Directory: \\filesrvr\homes\tom
HomeDir Drive: H:
Logon Script: logon.bat
Profile Path:
Domain: SRV
Account desc: Thumb Sucker
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: Sun, 05 Dec 2010 17:46:51 SST
Password can change: Sun, 05 Dec 2010 17:46:51 SST
Password must change: Sat, 05 Mar 2011 17:46:51 SST
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
init_sam_from_ldap: Failed to get password history for user director
# After reset
Unix username: tom
NT username: tom
Account Flags: [U ]
User SID: S-1-5-21-3818554400-921237426-3143208535-5056
Primary Group SID: S-1-5-21-3818554400-921237426-3143208535-513
Full Name: Tom Thumb
Home Directory: \\filesrvr\homes\tom
HomeDir Drive: H:
Logon Script: logon.bat
Profile Path:
Domain: SRV
Account desc: Thumb Sucker
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: Sun, 05 Dec 2010 17:46:51 SST
Password can change: Sun, 05 Dec 2010 17:46:51 SST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
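To confirm the policy change across every account rather than just one, the 'Password must change' field can be pulled out of verbose pdbedit output. The script below is an added example, not part of the original post; it assumes records in the format shown above (as printed by `pdbedit -L -v`), and the sample input, including the user 'alice', is constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Input: `pdbedit -L -v` style
# records on stdin. SAMPLE below is constructed; 'alice' is a made-up user.

# Print "user<TAB>Password-must-change value" for each account record.
must_change_report() {
    awk '
        /^Unix username:/ {
            user = $0; sub(/^Unix username:[ \t]*/, "", user)
        }
        /^Password must change:/ {
            when = $0; sub(/^Password must change:[ \t]*/, "", when)
            print user "\t" when
        }'
}

# List only the accounts whose password still carries an expiry date.
expiring_accounts() {
    must_change_report | awk -F'\t' '$2 != "never" { print $1 }'
}

# One-line summary of how many accounts never expire vs. still expire.
expiry_summary() {
    must_change_report | awk -F'\t' '
        $2 == "never" { n++ }
        $2 != "never" { e++ }
        END { printf "never=%d expiring=%d\n", n, e }'
}

# Constructed sample: two records separated the way pdbedit separates them,
# with a stray LDAP warning line mixed in (it is ignored by the parser).
SAMPLE='Unix username:        tom
Account Flags:        [U          ]
Password last set:    Sun, 05 Dec 2010 17:46:51 SST
Password must change: never
init_sam_from_ldap: Failed to get password history for user director
---------------
Unix username:        alice
Account Flags:        [U          ]
Password last set:    Sun, 05 Dec 2010 17:46:51 SST
Password must change: Sat, 05 Mar 2011 17:46:51 SST'

printf '%s\n' "$SAMPLE" | must_change_report
printf '%s\n' "$SAMPLE" | expiring_accounts
printf '%s\n' "$SAMPLE" | expiry_summary
```

On the server, pipe the real listing into the functions instead of the sample, adding the same '-b' backend option used above if pdbedit needs it.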