Found out one more guys.
If you set the
Code:
obey pam restrictions = Yes
attribute in the [general] section in of smb.conf (and restart samba), samba will obey the pam password expiry (note that the users will immediately be denied access to samba resources and will be required to change their passwords, if the password has already expired on pam). To check the password expiry date of a user, issue
Code:
ldapsearch -x -b dc=example,dc=com "(uid=username)" | grep sambaPwdMustChange
This will display the password time in unix time stamp. To get the timestamp converted to a readable date issue
Code:
date -d @<timestamp>
I still have to figure out the password policy yet.
Cheers