[Samba] with ldap - samba - password sync - domain group map - login message
zmoelnig at iem.at
Thu Jun 13 07:07:40 GMT 2002
NSC - NetworkServiceCenter wrote:
> hello list!
> the basic systems worked and all problems i'm going to describe occurred in
> both test environments!
> 1. after login from w2k i get the message, that the password expires and
> asks me if i want to change. if i change or not, at next logon the
> situation is the same, but i can login over a few weeks without
> - the only information i found about in the web is, that i can set the
> user's pwdLastSet to -1, but, on the one hand, it doesn't work and on the
> other hand, if anyone changes his password this field would be overwritten
> automatically and the old problem starts again.
some report that the account flags have to be [UX ] (with added X),
which means that the password will not expire. however, i think this
didn't work for me.
my solution (found in some ldap-samba-pdc-howto) was to set the
pwdMustChange to 2147483647 (which is far in the future: 2030 or something)
> 2. the unix password sync doesn't work. but i think there are two different
> problems, but let me describe: if i activated the password sync, i got on
you have to set the password chat to something that reflects your
system's password chat (no na)
on my system, when i try to change my password (with correct
pam.d/passwd pam_ldap.conf etc) with "passwd" i get the following dialog:
Re-enter new password:
so the password chat in [global] is as follows:
passwd program = /usr/bin/passwd %u
passwd chat = *New\spassword:* %n\n *Re-enter\snew\spassword:* %n\n .
> 3. the domain group map doesn't work! i found a lot of descriptions about
i have not tried this yet, but i think that 2.2.3a does not support
domain-group-mapping (but 2.2.4 should ???)
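
Added example, not part of the original post: a simplified Python model of how a "passwd chat" value is split into expect/send pairs and matched, so a chat string can be checked against the prompts your passwd program prints. The function names and the sample prompts are constructed for illustration, and whole-prompt wildcard matching is an assumption of this model, not Samba's own code.

```python
import re

# "passwd chat" value quoted in the post above.
CHAT = r"*New\spassword:* %n\n *Re-enter\snew\spassword:* %n\n ."
ESCAPES = {"\\n": "\n", "\\r": "\r", "\\t": "\t", "\\s": " "}

def unescape(token):
    # Expand the \n, \r, \t and \s macros that smb.conf documents for passwd chat.
    return re.sub(r"\\[nrts]", lambda m: ESCAPES[m.group(0)], token)

def parse_chat(chat):
    """Split a passwd chat value into (expect, send) pairs."""
    # Double quotes group a string containing spaces into one token.
    tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', chat)]
    if len(tokens) % 2:
        tokens.append(".")  # final expect with nothing left to send
    return [(unescape(e), unescape(s)) for e, s in zip(tokens[::2], tokens[1::2])]

def matches(expect, prompt):
    # "*" matches any run of characters; the rest is literal.
    # Assumption of this model: the pattern must cover the whole prompt.
    rx = ".*".join(re.escape(part) for part in expect.split("*"))
    return re.fullmatch(rx, prompt, re.DOTALL) is not None

def first_mismatch(chat, prompts):
    """Index of the first expect string that fails against the observed
    prompts, or None when every step matches."""
    remaining = iter(prompts)
    for i, (expect, _send) in enumerate(parse_chat(chat)):
        if expect == ".":  # "." means nothing is expected at this step
            continue
        prompt = next(remaining, None)
        if prompt is None or not matches(expect, prompt):
            return i
    return None

if __name__ == "__main__":
    # Constructed prompt transcripts, not captured from a real system.
    samples = {
        "prompts implied by the chat string": ["New password: ", "Re-enter new password: "],
        "different wording (constructed)": ["Enter new UNIX password: ", "Retype new UNIX password: "],
    }
    for name, prompts in samples.items():
        print(name, "->", first_mismatch(CHAT, prompts))
```

A result of None means every expect string matched its prompt; an integer is the position of the expect/send pair in the chat string that needs adjusting.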