[Samba] Your password expires today problem

Marcelo Terres mhterres at gmail.com
Wed Feb 24 14:25:20 MST 2010 

Samba 3.0.24 doesn't have the problem, maybe because it doesn't support the
policies domain account (configured with pdbedit).

This feature starts in 3.0.25 and the problems with password expiration
starts in the version either.

Regards,

Marcelo H. Terres
mhterres at gmail.com
****************************************
ICQ: 6649932
MSN: mhterres at hotmail.com
Jabber: mhterres at jabber.org
http://twitter.com/mhterres
http://identi.ca/mhterres
****************************************
http://mundoopensource.blogspot.com/
http://www.propus.com.br
Sent from Porto Alegre, RS, Brazil

On Wed, Feb 24, 2010 at 2:38 PM, Martin Schmidt <
martin.schmidt at uni-wuerzburg.de> wrote:

> Hi,
>
> I have a very similiar problem, but the story is an other:
>
> I migrated from sles 10 sp2 samba 3.0.24 to ubuntu 9.10 server samba 3.4.3
> (pdc). The user-accounts were moved following this instruction:
> http://www.cyberciti.biz/faq/howto-move-migrate-user-accounts-old-to-new-server/.
> When some user now try to login to the domain from a xp-client following
> message appears at every login: "Your Windows password has expired and must
> be changed. You must change your password now!" The user can change the
> password and everything works fine. But at next login the same story. This
> happens only to some of the old users and to all users created after
> migration. Any idea what could be the reason for this? I already searched a
> lot but didn't find something like this.
>
> Thanks for any info.
>
> Regards,
> Martin
>
> Dipl.- Geogr. Martin Schmidt
>
> Würzburg University
> Department of Geography
> Remote Sensing Unit
> &
> German Remote Sensing Data Center (DFD) at
> German Aerospace Center (DLR) Oberpfaffenhofen
> --------------------------------------------------------
> Am Hubland
> 97074 Würzburg
> phone: +49 (931) 31-88179
> fax:   +49 (931) 888-5544
> eMail: martin.schmidt at uni-wuerzburg.de
>
>
>
> Here my smb.conf:
>
> [global]
>   #log file = /var/log/samba.%m
>   smb ports = 139 445
>         #root = administrator
>   #DOMAIN ADMINS = root, administrator
>
>   #----Allgemeine
> Einstellungen--------------------------------------------------
>   #Workgroup
>   netbios name = XXX     #netbios aliases =  XXX
>   server string = XXX
>   workgroup = XXX
>   guest account = XXX
>
>
>
> #-----Sicherheit--------------------------------------------------------------
>   #Nur Subnetz FE zulassen
>   hosts deny = XXX
>   hosts allow = XXX
>
>   #Nur die Ethernet Karte 0 und Loopback zulassen
>   interfaces = eth0 lo
>   bind interfaces only = yes
>
>   #Unbekannt Nutzer rejecten
>   #map to guest = Never
>
>   #Zugriff auf benutzerdefinierte Freigaben nicht erlauben
>   #usershare allow guests = No
>
>   #Kommunikation der Clients mit Samba auf User Ebene
>   #Passwort - Backend
>   #passdb backend = tdbsam:/etc/samba/passdb.tdb
>   passdb backend= smbpasswd     security = user
>   encrypt passwords = true     smb passwd file = /etc/samba/smbpasswd
>   passwd program = /usr/bin/smbpasswd %u
>   unix password sync = false
>   obey pam restrictions = yes
>
>   #Fuer bestimmte Nutzer gibts extra smb.conf Dateien
>   config file = /etc/samba/smb.conf.%U
>
>
>   #---- Roaming Profiles
> -----------------------------------------------------
>   #Antworten auf WIN98/95 Anfragen
>   domain logons = Yes
>   logon path = \\%L\profiles\%U
>   logon drive = Q:
>   #logon script = logon.cmd
>
>   #---- Browsing und Domain Master (PDC)
> -------------------------------------
>   #wins support = Yes
>   #wins server = XXX
>   #wins proxy = yes
>   #PDC im Subnetz
>   domain master = Yes
>   local master = Yes
>   preferred master = Yes
>   os level = 65
>   #client-side caching policy
>   #csc policy = disable
>
>
> #----Benutzerverwaltung-----------------------------------------------------
>   #Hinzufuegen einer Maschine ueber die Methode Benutzername/Passwort
>   #add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s
> /bin/false %m$
>
>
> #---Drucker----------------------------------------------------------------
>   load printers = no
>   printing = bsd
>   printcap name = /dev/null
>   disable spoolss = yes
>
>
> #----Tuning-----------------------------------------------------------------
>   socket options = TCP_NODELAY IPTOS_LOWDELAY
>   #Zeit zur Unterbrechung der Verbindung Server-Client bei Verlust des
> Clients
>   deadtime = 10
>   #getwd cache = yes
>   #kernel oplocks = no
>   ldap suffix =
>   log level = 1
>     #Sonstiger Mist
>   #include = /etc/samba/dhcp.conf
>   dos charset = CP850
>   display charset = ISO8859-1
>   unix charset = ISO8859-1
>   #oplock break wait time = 20
>   #oplocks = no
>   #kernel oplocks = no
>
>   #---- Zeit-Server
> ----------------------------------------------------------
>   time server = true
>
> ###################################
> # Anmeldung Freigaben #############
> ###################################
>
> [homes]
>   comment = Home Directories
>   valid users = %S, %D%w%S
>   browseable = No
>   read only = No
>   inherit acls = Yes
>   create mask = 0664
>   directory mask = 0775
>
> [profiles]
>   comment = Network Profiles Service
>   path = /home/samba/windowsprofiles
>   hide files = /desktop.ini/
>   read only = No
>   browseable = No
>   guest ok = Yes
>   writable = Yes
>   printable = No
>   store dos attributes = Yes
>   create mask = 0700
>   directory mask = 0700
>
>  [netlogon]
>   comment = Network Logon Service2
>   path = /home/samba/netlogon/%g
>   guest ok = Yes
>   browseable = No
>   read only = No
>   writable = Yes
>
>
> ###################################
> # Freigaben #######################
> ###################################
> ...
>
>
>
>
> Marcelo Terres schrieb:
>
>  Hi.
>>
>> I enabled policies with pdbedit. Password must be changed every 90 days
>> and
>> must contain at least 8 characters. I enabled password history too.
>>
>> After that (I tried it in samba 3.4.3 and 3.0.25 with same behaviour)
>> every
>> time a user try to log in the domain using Windows receives a "Your
>> password
>> expires today. Do you want to change it now ?" message box. If the
>> password
>> is changed, the message appear again next time the user try to login. If
>> the
>> user answers no the same thing happens in the next login.
>>
>> I tested it with a lot of users and changed the passwords several times
>> and
>> the problem continues.
>>
>> Anybody have some idea about this problem ?
>>
>> Thanks in advance.
>>
>> Regards,
>>
>> Marcelo H. Terres
>> mhterres at gmail.com
>> ****************************************
>> ICQ: 6649932
>> MSN: mhterres at hotmail.com
>> Jabber: mhterres at jabber.org
>> http://twitter.com/mhterres
>> http://identi.ca/mhterres
>> ****************************************
>> http://mundoopensource.blogspot.com/
>> http://www.propus.com.br
>> Sent from Porto Alegre, RS, Brazil
>>
>>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list