[Samba] Your password expires today problem
Richard Lamboj
Richard.Lamboj at gmx.at
Thu Mar 11 00:04:22 MST 2010
Hello,
i got this Problem with Samba 3.4.6 and 3.5.1 and yes i know there is already a bug report.
Your workaround doesn't work for me. Is there another solution?
This don't work: pdbedit -P "maximum password age" -C 4294967294
I'am using LDAP. We have Upgraded from 3.2.14. The LDAP Schema Files don't have changed, or?
Kind Regards
Richi
-------- Original-Nachricht --------
> Datum: Mon, 01 Mar 2010 12:49:28 +0100
> Von: Martin Schmidt <martin.schmidt at uni-wuerzburg.de>
> An: Marcelo Terres <mhterres at gmail.com>
> CC: samba at lists.samba.org
> Betreff: Re: [Samba] Your password expires today problem
> Am 26.02.2010 14:51, schrieb Marcelo Terres:
> > Let me understand.
> >
> >
> >
> > On Fri, Feb 26, 2010 at 6:52 AM, Martin Schmidt
> > <martin.schmidt at uni-wuerzburg.de
> > <mailto:martin.schmidt at uni-wuerzburg.de>> wrote:
> >
> > hi again,
> >
> > in my case it works now after setting the "maximum password age"
> > to a point far in future, but not to "never".
> > So this works:
> > pdbedit -P "maximum password age" -C 4294967294
> >
> >
> > This way, the message stops ?
> see below.
> >
> > but this not:
> >
> > pdbedit -P "maximum password age" -C -1
> >
> > I have also re-disabled the users account control property
> > "Password does not expire" using
> > pdbedit -r -c "[]" test
> >
> > Unix username: test
> > NT username: Account Flags: [U ]
> >
> > User SID: S-1-5-21-1200361472-1041780773-253280391-2648
> > Primary Group SID: S-1-5-21-1200361472-1041780773-253280391-513
> > Full Name: Home Directory: \\fecenter\test
> > HomeDir Drive: Q:
> > Logon Script: Profile Path: \\fecenter\profiles\test
> > Domain: LSFE
> > Account desc: Workstations: Munged dial:
> > Logon time: 0
> > Logoff time: never
> > Kickoff time: never
> > Password last set: Thu, 25 Feb 2010 10:35:29 CET
> > Password can change: Thu, 25 Feb 2010 10:35:29 CET
> > Password must change: Sun, 03 Apr 2146 18:03:43 CEST
> >
> > Last bad password : 0
> > Bad password count : 0
> > Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> >
> > I could have hit on it in a moment!
> >
> >
> > Disabling this policy the message stop too ?
> I'm not sure what stoped the message eventually. But I think the first
> one, the second procedure was only to undo my changes I have done while
> testing.
>
> Regards,
> Martin
>
> >
> > Regards ,
> >
> >
> > regards,
> > Martin
> >
> >
> >
> >
> > Martin Schmidt schrieb:
> >
> > hi,
> > I tried pdbedit -P "maximum password age" -C -1, but with no
> > effect.
> > pdbedit -r -c "[X]" test and retyping the password via
> > "smbpasswd test" had also no effect, curiously "pdbedit -v
> > test" gives following:
> >
> > Unix username: test
> > NT username: Account Flags: [UX ]
> > User SID:
> > S-1-5-21-1200361472-1041780773-253280391-2648
> > Primary Group SID:
> S-1-5-21-1200361472-1041780773-253280391-513
> > Full Name: Home Directory: \\fecenter\test
> > HomeDir Drive: Q:
> > Logon Script: Profile Path:
> > \\fecenter\profiles\test
> > Domain: LSFE
> > Account desc: Workstations: Munged dial:
> > Logon time: 0
> > Logoff time: never
> > Kickoff time: never
> > Password last set: Thu, 25 Feb 2010 09:47:06 CET
> > Password can change: Thu, 25 Feb 2010 09:47:06 CET
> > Password must change: never
> > Last bad password : 0
> > Bad password count : 0
> > Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> >
> >
> > regards,
> > Martin
> >
> >
> >
> > Gaiseric Vandal schrieb:
> >
> > We had a few users with the same problem when we moved the
> > password backend from tdb to ldap. The following
> > command seem to fix it.
> >
> > pdbedit -P "maximum password age" -C -1
> >
> >
> >
> >
> > On 02/24/2010 04:25 PM, Marcelo Terres wrote:
> >
> > Samba 3.0.24 doesn't have the problem, maybe because
> > it doesn't support the
> > policies domain account (configured with pdbedit).
> >
> > This feature starts in 3.0.25 and the problems with
> > password expiration
> > starts in the version either.
> >
> > Regards,
> >
> > Marcelo H. Terres
> > mhterres at gmail.com <mailto:mhterres at gmail.com>
> > ****************************************
> > ICQ: 6649932
> > MSN: mhterres at hotmail.com <mailto:mhterres at hotmail.com>
> > Jabber: mhterres at jabber.org <mailto:mhterres at jabber.org>
> > http://twitter.com/mhterres
> > http://identi.ca/mhterres
> > ****************************************
> > http://mundoopensource.blogspot.com/
> > http://www.propus.com.br
> > Sent from Porto Alegre, RS, Brazil
> >
> > On Wed, Feb 24, 2010 at 2:38 PM, Martin Schmidt<
> > martin.schmidt at uni-wuerzburg.de
> > <mailto:martin.schmidt at uni-wuerzburg.de>> wrote:
> >
> >
> > Hi,
> >
> > I have a very similiar problem, but the story is
> > an other:
> >
> > I migrated from sles 10 sp2 samba 3.0.24 to ubuntu
> > 9.10 server samba 3.4.3
> > (pdc). The user-accounts were moved following this
> > instruction:
> >
> http://www.cyberciti.biz/faq/howto-move-migrate-user-accounts-old-to-new-server/.
> >
> > When some user now try to login to the domain from
> > a xp-client following
> > message appears at every login: "Your Windows
> > password has expired and must
> > be changed. You must change your password now!"
> > The user can change the
> > password and everything works fine. But at next
> > login the same story. This
> > happens only to some of the old users and to all
> > users created after
> > migration. Any idea what could be the reason for
> > this? I already searched a
> > lot but didn't find something like this.
> >
> > Thanks for any info.
> >
> > Regards,
> > Martin
> >
> > Dipl.- Geogr. Martin Schmidt
> >
> > Würzburg University
> > Department of Geography
> > Remote Sensing Unit
> > &
> > German Remote Sensing Data Center (DFD) at
> > German Aerospace Center (DLR) Oberpfaffenhofen
> >
> --------------------------------------------------------
> > Am Hubland
> > 97074 Würzburg
> > phone: +49 (931) 31-88179
> > fax: +49 (931) 888-5544
> > eMail: martin.schmidt at uni-wuerzburg.de
> > <mailto:martin.schmidt at uni-wuerzburg.de>
> >
> >
> >
> > Here my smb.conf:
> >
> > [global]
> > #log file = /var/log/samba.%m
> > smb ports = 139 445
> > #root = administrator
> > #DOMAIN ADMINS = root, administrator
> >
> > #----Allgemeine
> >
> Einstellungen--------------------------------------------------
> > #Workgroup
> > netbios name = XXX #netbios aliases = XXX
> > server string = XXX
> > workgroup = XXX
> > guest account = XXX
> >
> >
> >
> >
> #-----Sicherheit--------------------------------------------------------------
> >
> > #Nur Subnetz FE zulassen
> > hosts deny = XXX
> > hosts allow = XXX
> >
> > #Nur die Ethernet Karte 0 und Loopback zulassen
> > interfaces = eth0 lo
> > bind interfaces only = yes
> >
> > #Unbekannt Nutzer rejecten
> > #map to guest = Never
> >
> > #Zugriff auf benutzerdefinierte Freigaben nicht
> > erlauben
> > #usershare allow guests = No
> >
> > #Kommunikation der Clients mit Samba auf User
> Ebene
> > #Passwort - Backend
> > #passdb backend = tdbsam:/etc/samba/passdb.tdb
> > passdb backend= smbpasswd security = user
> > encrypt passwords = true smb passwd file =
> > /etc/samba/smbpasswd
> > passwd program = /usr/bin/smbpasswd %u
> > unix password sync = false
> > obey pam restrictions = yes
> >
> > #Fuer bestimmte Nutzer gibts extra smb.conf
> Dateien
> > config file = /etc/samba/smb.conf.%U
> >
> >
> > #---- Roaming Profiles
> >
> -----------------------------------------------------
> > #Antworten auf WIN98/95 Anfragen
> > domain logons = Yes
> > logon path = \\%L\profiles\%U
> > logon drive = Q:
> > #logon script = logon.cmd
> >
> > #---- Browsing und Domain Master (PDC)
> > -------------------------------------
> > #wins support = Yes
> > #wins server = XXX
> > #wins proxy = yes
> > #PDC im Subnetz
> > domain master = Yes
> > local master = Yes
> > preferred master = Yes
> > os level = 65
> > #client-side caching policy
> > #csc policy = disable
> >
> >
> >
> #----Benutzerverwaltung-----------------------------------------------------
> >
> > #Hinzufuegen einer Maschine ueber die Methode
> > Benutzername/Passwort
> > #add machine script = /usr/sbin/useradd -c
> > Machine -d /var/lib/nobody -s
> > /bin/false %m$
> >
> >
> >
> #---Drucker----------------------------------------------------------------
> >
> > load printers = no
> > printing = bsd
> > printcap name = /dev/null
> > disable spoolss = yes
> >
> >
> >
> #----Tuning-----------------------------------------------------------------
> >
> > socket options = TCP_NODELAY IPTOS_LOWDELAY
> > #Zeit zur Unterbrechung der Verbindung
> > Server-Client bei Verlust des
> > Clients
> > deadtime = 10
> > #getwd cache = yes
> > #kernel oplocks = no
> > ldap suffix =
> > log level = 1
> > #Sonstiger Mist
> > #include = /etc/samba/dhcp.conf
> > dos charset = CP850
> > display charset = ISO8859-1
> > unix charset = ISO8859-1
> > #oplock break wait time = 20
> > #oplocks = no
> > #kernel oplocks = no
> >
> > #---- Zeit-Server
> >
> ----------------------------------------------------------
> > time server = true
> >
> > ###################################
> > # Anmeldung Freigaben #############
> > ###################################
> >
> > [homes]
> > comment = Home Directories
> > valid users = %S, %D%w%S
> > browseable = No
> > read only = No
> > inherit acls = Yes
> > create mask = 0664
> > directory mask = 0775
> >
> > [profiles]
> > comment = Network Profiles Service
> > path = /home/samba/windowsprofiles
> > hide files = /desktop.ini/
> > read only = No
> > browseable = No
> > guest ok = Yes
> > writable = Yes
> > printable = No
> > store dos attributes = Yes
> > create mask = 0700
> > directory mask = 0700
> >
> > [netlogon]
> > comment = Network Logon Service2
> > path = /home/samba/netlogon/%g
> > guest ok = Yes
> > browseable = No
> > read only = No
> > writable = Yes
> >
> >
> > ###################################
> > # Freigaben #######################
> > ###################################
> > ...
> >
> >
> >
> >
> > Marcelo Terres schrieb:
> >
> > Hi.
> >
> > I enabled policies with pdbedit. Password must
> > be changed every 90 days
> > and
> > must contain at least 8 characters. I enabled
> > password history too.
> >
> > After that (I tried it in samba 3.4.3 and
> > 3.0.25 with same behaviour)
> > every
> > time a user try to log in the domain using
> > Windows receives a "Your
> > password
> > expires today. Do you want to change it now ?"
> > message box. If the
> > password
> > is changed, the message appear again next time
> > the user try to login. If
> > the
> > user answers no the same thing happens in the
> > next login.
> >
> > I tested it with a lot of users and changed
> > the passwords several times
> > and
> > the problem continues.
> >
> > Anybody have some idea about this problem ?
> >
> > Thanks in advance.
> >
> > Regards,
> >
> > Marcelo H. Terres
> > mhterres at gmail.com <mailto:mhterres at gmail.com>
> > ****************************************
> > ICQ: 6649932
> > MSN: mhterres at hotmail.com
> > <mailto:mhterres at hotmail.com>
> > Jabber: mhterres at jabber.org
> > <mailto:mhterres at jabber.org>
> > http://twitter.com/mhterres
> > http://identi.ca/mhterres
> > ****************************************
> > http://mundoopensource.blogspot.com/
> > http://www.propus.com.br
> > Sent from Porto Alegre, RS, Brazil
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following
> > URL and read the
> > instructions:
> > https://lists.samba.org/mailman/options/samba
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
> >
> >
> >
> >
> > Marcelo H. Terres
> > mhterres at gmail.com <mailto:mhterres at gmail.com>
> > ****************************************
> > ICQ: 6649932
> > MSN: mhterres at hotmail.com <mailto:mhterres at hotmail.com>
> > Jabber: mhterres at jabber.org <mailto:mhterres at jabber.org>
> > http://twitter.com/mhterres
> > http://identi.ca/mhterres
> > ****************************************
> > http://mundoopensource.blogspot.com/
> > http://www.propus.com.br
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
--
Sicherer, schneller und einfacher. Die aktuellen Internet-Browser -
jetzt kostenlos herunterladen! http://portal.gmx.net/de/go/chbrowser
--
Sicherer, schneller und einfacher. Die aktuellen Internet-Browser -
jetzt kostenlos herunterladen! http://portal.gmx.net/de/go/chbrowser
More information about the samba
mailing list