samba-3021a -- password never expire issue

Adam Cody ajcody at digitalhandshakes.com
Wed Jan 25 15:09:42 GMT 2006 

I upgraded to samba-3.0.21a yesterday from 3.0.14a using the sles9
x86_64 packages from the samba website. Everything appears to work
very well, resolved some acl issues we were having even. I am left
with a new problem though. Our different pam sessions now prompt the
user about their password expiring and having to change it  IF their
user account under windows is set to "never expire". Accounts without
this options login normally. Another thing to note, is I su - XXXX\xxx
into the account and simply hit return for the password it bypasses
the error message and logins me in as the user.

Any thoughts?
Regards,
Adam Cody

dtc-archive:/etc/pam.d # su - XXXXXX\\xxxx
Password:
Your password has expired
su: incorrect password



**It's not incorrect and the user account can access the smb shares fine.**

What was installed:

dtc-archive:~/samba-3021a # ls -A
ldapsmb-1.34-6.1.11.x86_64.rpm               
samba-client-3.0.21a-3.1.11.x86_64.rpm
libmsrpc-3.0.21a-3.1.11.x86_64.rpm           
samba-pdb-3.0.21a-3.1.11.x86_64.rpm
libmsrpc-devel-3.0.21a-3.1.11.x86_64.rpm     
samba-python-3.0.21a-3.1.11.x86_64.rpm
libsmbclient-3.0.21a-3.1.11.x86_64.rpm       
samba-vscan-0.3.6b-0.13.11.x86_64.rpm
libsmbclient-devel-3.0.21a-3.1.11.x86_64.rpm 
samba-winbind-3.0.21a-3.1.11.x86_64.rpm
samba-3.0.21a-3.1.11.x86_64.rpm

dtc-archive:/etc/pam.d # rpm -qa | grep pam_smb
pam_smb-2.0.0rc5-38.3

>From /var/log/messages:
Jan 25 09:54:42 dtc-archive pam_winbind[29786]: pam_sm_acct_mgmt
success but PAM_WINBIND_NEW_AUTHTOK_REQD is set
Jan 25 09:54:42 dtc-archive pam_winbind[29786]: user 'XXXXXX\xxxx'
needs new password

dtc-archive:/etc/pam.d # grep winbind *
login:auth      sufficient      pam_winbind.so
login:account   sufficient      pam_winbind.so
passwd:auth     sufficient      pam_winbind.so
passwd:account sufficient       pam_winbind.so
pure-ftpd:auth     sufficient   pam_winbind.so
pure-ftpd:account    sufficient   pam_winbind.so
rlogin:auth      sufficient     pam_winbind.so
rlogin:account   sufficient     pam_winbind.so
samba:auth         sufficient   pam_winbind.so
samba:account    sufficient   pam_winbind.so
samba.rpmsave:#auth     sufficient      pam_winbind.so
samba.rpmsave:#account  sufficient      pam_winbind.so
samba.rpmsave:#auth       sufficient   pam_winbind.so
samba.rpmsave:#account    sufficient   pam_winbind.so
sshd:auth sufficient    pam_winbind.so
sshd:account    sufficient      pam_winbind.so
sshd:password sufficient        pam_winbind.so
su:auth       sufficient   pam_winbind.so
su:account    sufficient   pam_winbind.so
xdm:auth         sufficient     pam_winbind.so
xdm:account      sufficient     pam_winbind.so

More information about the samba-technical mailing list