[Samba] Your password expires today problem

Martin Schmidt martin.schmidt at uni-wuerzburg.de
Wed Feb 24 10:38:30 MST 2010


Hi,

I have a very similiar problem, but the story is an other:

I migrated from sles 10 sp2 samba 3.0.24 to ubuntu 9.10 server samba 
3.4.3 (pdc). The user-accounts were moved following this instruction: 
http://www.cyberciti.biz/faq/howto-move-migrate-user-accounts-old-to-new-server/. 
When some user now try to login to the domain from a xp-client following 
message appears at every login: "Your Windows password has expired and 
must be changed. You must change your password now!" The user can change 
the password and everything works fine. But at next login the same 
story. This happens only to some of the old users and to all users 
created after migration. Any idea what could be the reason for this? I 
already searched a lot but didn't find something like this.

Thanks for any info.

Regards,
Martin

Dipl.- Geogr. Martin Schmidt

Würzburg University
Department of Geography
Remote Sensing Unit
&
German Remote Sensing Data Center (DFD) at
German Aerospace Center (DLR) Oberpfaffenhofen
--------------------------------------------------------
Am Hubland
97074 Würzburg
phone: +49 (931) 31-88179
fax:   +49 (931) 888-5544
eMail: martin.schmidt at uni-wuerzburg.de



Here my smb.conf:

[global]
    #log file = /var/log/samba.%m
    smb ports = 139 445
       
    #root = administrator
    #DOMAIN ADMINS = root, administrator

    #----Allgemeine 
Einstellungen--------------------------------------------------
    #Workgroup
    netbios name = XXX   
    #netbios aliases =  XXX
    server string = XXX
    workgroup = XXX
    guest account = XXX


    
#-----Sicherheit--------------------------------------------------------------
    #Nur Subnetz FE zulassen
    hosts deny = XXX
    hosts allow = XXX
   

    #Nur die Ethernet Karte 0 und Loopback zulassen
    interfaces = eth0 lo
    bind interfaces only = yes

    #Unbekannt Nutzer rejecten
    #map to guest = Never

    #Zugriff auf benutzerdefinierte Freigaben nicht erlauben
    #usershare allow guests = No

    #Kommunikation der Clients mit Samba auf User Ebene
    #Passwort - Backend
    #passdb backend = tdbsam:/etc/samba/passdb.tdb
    passdb backend= smbpasswd   
    security = user
    encrypt passwords = true   
    smb passwd file = /etc/samba/smbpasswd
    passwd program = /usr/bin/smbpasswd %u
    unix password sync = false
    obey pam restrictions = yes

    #Fuer bestimmte Nutzer gibts extra smb.conf Dateien
    config file = /etc/samba/smb.conf.%U


    #---- Roaming Profiles 
-----------------------------------------------------
    #Antworten auf WIN98/95 Anfragen
    domain logons = Yes
    logon path = \\%L\profiles\%U
    logon drive = Q:
    #logon script = logon.cmd

    #---- Browsing und Domain Master (PDC) 
-------------------------------------
    #wins support = Yes
    #wins server = XXX
    #wins proxy = yes
    #PDC im Subnetz
    domain master = Yes
    local master = Yes
    preferred master = Yes
    os level = 65
    #client-side caching policy
    #csc policy = disable
   

    
#----Benutzerverwaltung-----------------------------------------------------
    #Hinzufuegen einer Maschine ueber die Methode Benutzername/Passwort
    #add machine script = /usr/sbin/useradd  -c Machine -d 
/var/lib/nobody -s /bin/false %m$

   
    
#---Drucker----------------------------------------------------------------
    load printers = no
    printing = bsd
    printcap name = /dev/null
    disable spoolss = yes

    
#----Tuning-----------------------------------------------------------------
    socket options = TCP_NODELAY IPTOS_LOWDELAY
    #Zeit zur Unterbrechung der Verbindung Server-Client bei Verlust des 
Clients
    deadtime = 10
    #getwd cache = yes
    #kernel oplocks = no
    ldap suffix =
    log level = 1
   
    #Sonstiger Mist
    #include = /etc/samba/dhcp.conf
    dos charset = CP850
    display charset = ISO8859-1
    unix charset = ISO8859-1
    #oplock break wait time = 20
    #oplocks = no
    #kernel oplocks = no

    #---- Zeit-Server 
----------------------------------------------------------
    time server = true

###################################
# Anmeldung Freigaben #############
###################################

[homes]
    comment = Home Directories
    valid users = %S, %D%w%S
    browseable = No
    read only = No
    inherit acls = Yes
    create mask = 0664
    directory mask = 0775

[profiles]
    comment = Network Profiles Service
    path = /home/samba/windowsprofiles
    hide files = /desktop.ini/
    read only = No
    browseable = No
    guest ok = Yes
    writable = Yes
    printable = No
    store dos attributes = Yes
    create mask = 0700
    directory mask = 0700

   
[netlogon]
    comment = Network Logon Service2
    path = /home/samba/netlogon/%g
    guest ok = Yes
    browseable = No
    read only = No
    writable = Yes


###################################
# Freigaben #######################
###################################
...




Marcelo Terres schrieb:
> Hi.
>
> I enabled policies with pdbedit. Password must be changed every 90 days and
> must contain at least 8 characters. I enabled password history too.
>
> After that (I tried it in samba 3.4.3 and 3.0.25 with same behaviour) every
> time a user try to log in the domain using Windows receives a "Your password
> expires today. Do you want to change it now ?" message box. If the password
> is changed, the message appear again next time the user try to login. If the
> user answers no the same thing happens in the next login.
>
> I tested it with a lot of users and changed the passwords several times and
> the problem continues.
>
> Anybody have some idea about this problem ?
>
> Thanks in advance.
>
> Regards,
>
> Marcelo H. Terres
> mhterres at gmail.com
> ****************************************
> ICQ: 6649932
> MSN: mhterres at hotmail.com
> Jabber: mhterres at jabber.org
> http://twitter.com/mhterres
> http://identi.ca/mhterres
> ****************************************
> http://mundoopensource.blogspot.com/
> http://www.propus.com.br
> Sent from Porto Alegre, RS, Brazil
>   


More information about the samba mailing list