Created attachment 7604 [details] smb.conf used on pdc server. Hello, We have a samba domain running on 3 samba 3.5.10 servers (all centos5 with default samba3x packages). The samba domain stores its information on an ldap server (openldap-servers-2.3.43-25.el5). We use pdbedit -P -C to set the domain account policies, but they are reset to the default values after a few minutes. The policies we set are: Account policy "bad lockout attempt" value was: 0 Account policy "bad lockout attempt" value is now: 5 Account policy "maximum password age" value was: -1 Account policy "maximum password age" value is now: 10368000 Account policy "min password length" value was: 5 Account policy "min password length" value is now: 12 Account policy "password history" value was: 0 Account policy "password history" value is now: 13 Account policy "user must logon to change password" value was: 0 Account policy "user must logon to change password" value is now: 2 Seeing at the ldap server: [vbs@woody ~]$ ldapsearch -x -D"cn=ldap-root,dc=e-trust,dc=com,dc=br" -W sambadomainname=etrust Enter LDAP Password: # extended LDIF # # LDAPv3 # base <> with scope subtree # filter: sambadomainname=etrust # requesting: ALL # # ETRUST, e-trust.com.br dn: sambaDomainName=ETRUST,dc=e-trust,dc=com,dc=br sambaAlgorithmicRidBase: 1000 objectClass: sambaDomain objectClass: sambaUnixIdPool sambaDomainName: ETRUST sambaSID: S-1-5-21-XXX-XXX-XXX sambaNextGroupRid: 61012 sambaNextUserRid: 61108 sambaNextRid: 61156 uidNumber: 61492 gidNumber: 61180 sambaMinPwdAge: 0 sambaRefuseMachinePwdChange: 0 sambaLockoutDuration: 30 sambaLockoutObservationWindow: 30 sambaLockoutThreshold: 5 sambaMaxPwdAge: 10368000 sambaMinPwdLength: 12 sambaPwdHistoryLength: 13 sambaLogonToChgPwd: 2 And then, after a few minutes they go back: pdbedit -P "maximum password age" account policy "maximum password age" description: Maximum password age, in seconds (default: -1 => never expire passwords) account policy "maximum password age" value is: 4294967295 [vbs@woody ~]$ ldapsearch -x -D"cn=ldap-root,dc=e-trust,dc=com,dc=br" -W sambadomainname=etrust Enter LDAP Password: # extended LDIF # # LDAPv3 # base <> with scope subtree # filter: sambadomainname=etrust # requesting: ALL # # ETRUST, e-trust.com.br dn: sambaDomainName=ETRUST,dc=e-trust,dc=com,dc=br sambaAlgorithmicRidBase: 1000 objectClass: sambaDomain objectClass: sambaUnixIdPool sambaDomainName: ETRUST sambaSID: S-1-5-21-XXX-XXX-XXX sambaNextGroupRid: 61012 sambaNextUserRid: 61108 sambaNextRid: 61156 uidNumber: 61492 gidNumber: 61180 sambaMinPwdAge: 0 sambaRefuseMachinePwdChange: 0 sambaLockoutDuration: 30 sambaLockoutObservationWindow: 30 sambaMinPwdLength: 12 sambaLogonToChgPwd: 2 sambaPwdHistoryLength: 0 sambaLockoutThreshold: 0 sambaMaxPwdAge: -1 We're trying to find out why. Any suggestions on debugs we can make ?