diff --git a/lam/HISTORY b/lam/HISTORY index 818f0748..74013c41 100644 --- a/lam/HISTORY +++ b/lam/HISTORY @@ -4,6 +4,7 @@ June 2016 5.4 -> New module for 389ds unlocking and deactivation status -> Self registration: support for Google reCAPTCHA -> Password notification jobs support CC and BCC + -> Self Service: Samba 3 supports password history and minimum age check 21.03.2016 5.3 diff --git a/lam/docs/manual-sources/howto.xml b/lam/docs/manual-sources/howto.xml index aa5d4039..391f6d1b 100644 --- a/lam/docs/manual-sources/howto.xml +++ b/lam/docs/manual-sources/howto.xml @@ -997,7 +997,7 @@ Have fun! Version specific upgrade instructions
- 5.1 -> 5.3 + 5.1 -> 5.4 No special actions needed.
@@ -8412,6 +8412,25 @@ OK (10 msec) +
+ Samba 3 + + LAM Pro can check the password history and minimum age for Samba + 3 password changes. In this case please provide the LDAP suffix where + your Samba 3 domain(s) are stored. + + If you leave the field empty then no history and age checks will + be done. + + + + + + + + +
+
Password self reset diff --git a/lam/docs/manual-sources/images/selfServiceSambaDomains.png b/lam/docs/manual-sources/images/selfServiceSambaDomains.png new file mode 100644 index 00000000..c9f57ac8 Binary files /dev/null and b/lam/docs/manual-sources/images/selfServiceSambaDomains.png differ diff --git a/lam/lib/modules/sambaSamAccount.inc b/lam/lib/modules/sambaSamAccount.inc index 0a530c69..412d3766 100644 --- a/lam/lib/modules/sambaSamAccount.inc +++ b/lam/lib/modules/sambaSamAccount.inc @@ -2374,8 +2374,10 @@ class sambaSamAccount extends baseModule implements passwordService { private function doSelfServicePasswordHistoryAndMinAge($attributes, &$return) { if (!empty($this->selfServiceSettings->moduleSettings['sambaSamAccount_domainSuffix'][0])) { $sambaDomain = $this->getUserDomain($attributes, $_SESSION['ldapHandle'], $this->selfServiceSettings->moduleSettings['sambaSamAccount_domainSuffix'][0]); - if (($sambaDomain != null) - && !empty($sambaDomain->pwdHistoryLength) + if ($sambaDomain == null) { + return; + } + if (!empty($sambaDomain->pwdHistoryLength) && is_numeric($sambaDomain->pwdHistoryLength) && ($sambaDomain->pwdHistoryLength > 0)) { if (sambaSamAccount::oldPasswordUsed($return['info']['sambaUserPasswordClearText'][0], $attributes, $sambaDomain)) { @@ -2397,7 +2399,16 @@ class sambaSamAccount extends baseModule implements passwordService { } } } - // TODO check min age + // check min age + if (!empty($sambaDomain->minPwdAge) && ($sambaDomain->minPwdAge > 0) && !empty($attributes['sambaPwdLastSet'][0])) { + $timeVal = $attributes['sambaPwdLastSet'][0] + $sambaDomain->minPwdAge; + $time = new DateTime('@' . $timeVal, new DateTimeZone('UTC')); + $time->setTimezone(getTimeZone()); + $now = new DateTime(null, getTimeZone()); + if ($time > $now) { + $return['messages'][] = array('ERROR', _('You are not yet allowed to change your password.')); + } + } } }
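Review bot: The new early exit `if ($sambaDomain == null) { return; }` in the first sambaSamAccount.inc hunk makes both the history check and the minimum-age check fail open without a trace. A domain suffix is configured at this point, so the administrator expects enforcement, yet an empty result from `getUserDomain()` lets the password change proceed silently. I would log a warning in that branch and document it with a comment such as `// no Samba domain found below the configured suffix: history and minimum age are not enforced`, or else decide explicitly to reject the change. A strict `=== null` would be clearer if `getUserDomain()` returns only an object or null, which is not visible here. The function body continues past the end of this hunk.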
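Review bot: The minimum-age block in the second sambaSamAccount.inc hunk adds `$attributes['sambaPwdLastSet'][0]` to `$sambaDomain->minPwdAge` without the `is_numeric()` guard that the history check applies to `pwdHistoryLength`. A non-numeric directory value would then surface as a PHP warning or a `DateTime` exception instead of a clean policy decision. I would add `&& is_numeric($sambaDomain->minPwdAge) && is_numeric($attributes['sambaPwdLastSet'][0])` to the condition and replace the three `DateTime` lines with a plain `if ($timeVal > time()) {`. Comparing two instants does not depend on the time zone, and this also drops `new DateTime(null, ...)`, which newer PHP versions deprecate. Whether an `ERROR` entry in `$return['messages']` actually stops the change is decided by the caller outside this hunk and should be covered by a test; the function itself starts before this hunk.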