[Samba] pam_winbind + password never expires

Ron Garcia-Vidal ghstwrtr at evilgenius.net
Thu Jan 4 17:05:59 GMT 2007


I read a few posts in the archives about this problem and that it was to 
be fixed in 3.0.23c.  Currently I'm running 3.0.23d-2+b1 on a debian 
system and am getting the following:

$ ssh -l testuser fileserver
Password:
Your password has expired

Here's what auth.log shows:

Jan  4 11:46:26 tmcsamba1 pam_winbind[14309]: user 'DOMAIN1+testuser' OK
Jan  4 11:46:26 tmcsamba1 pam_winbind[14309]: user 'DOMAIN1+testuser' 
granted access
Jan  4 11:46:26 tmcsamba1 smbd[14309]: (pam_unix) session opened for 
user DOMAIN1+testuser by (uid=0)
Jan  4 11:46:26 tmcsamba1 pam_winbind[14310]: user 'DOMAIN1+testuser' OK
Jan  4 11:46:26 tmcsamba1 pam_winbind[14310]: user 'DOMAIN1+testuser' 
granted access
Jan  4 11:46:26 tmcsamba1 smbd[14310]: (pam_unix) session opened for 
user DOMAIN1+testuser by (uid=0)
Jan  4 11:46:26 tmcsamba1 smbd[14309]: (pam_unix) session closed for 
user DOMAIN1+testuser
Jan  4 11:46:26 tmcsamba1 smbd[14310]: (pam_unix) session closed for 
user DOMAIN1+testuser
Jan  4 11:48:41 tmcsamba1 pam_winbind[14324]: user 'testuser' granted access
Jan  4 11:48:41 tmcsamba1 pam_winbind[14324]: user 'testuser' OK
Jan  4 11:48:41 tmcsamba1 pam_winbind[14324]: pam_sm_acct_mgmt success 
but PAM_WINBIND_NEW_AUTHTOK_REQD is set
Jan  4 11:48:41 tmcsamba1 pam_winbind[14324]: user 'testuser' needs new 
password
Jan  4 11:48:41 tmcsamba1 sshd[14324]: (pam_unix) user "testuser" does 
not exist in /etc/passwd or NIS

If there anything else I need to upgrade or restart in order to shake 
this problem?  I know I can set the global policy to password never 
expires, but I don't want to do tha tsince there are only a few users 
that I want to allow to not change their passwords.


More information about the samba mailing list