[Samba] Your password expires today problem

Gaiseric Vandal gaiseric.vandal at gmail.com
Wed Feb 24 14:36:56 MST 2010 

We had a few users with the same problem when we moved the password 
backend from tdb to ldap.    The following command seem to fix it.

       pdbedit -P "maximum password age" -C -1




On 02/24/2010 04:25 PM, Marcelo Terres wrote:
> Samba 3.0.24 doesn't have the problem, maybe because it doesn't support the
> policies domain account (configured with pdbedit).
>
> This feature starts in 3.0.25 and the problems with password expiration
> starts in the version either.
>
> Regards,
>
> Marcelo H. Terres
> mhterres at gmail.com
> ****************************************
> ICQ: 6649932
> MSN: mhterres at hotmail.com
> Jabber: mhterres at jabber.org
> http://twitter.com/mhterres
> http://identi.ca/mhterres
> ****************************************
> http://mundoopensource.blogspot.com/
> http://www.propus.com.br
> Sent from Porto Alegre, RS, Brazil
>
> On Wed, Feb 24, 2010 at 2:38 PM, Martin Schmidt<
> martin.schmidt at uni-wuerzburg.de>  wrote:
>
>    
>> Hi,
>>
>> I have a very similiar problem, but the story is an other:
>>
>> I migrated from sles 10 sp2 samba 3.0.24 to ubuntu 9.10 server samba 3.4.3
>> (pdc). The user-accounts were moved following this instruction:
>> http://www.cyberciti.biz/faq/howto-move-migrate-user-accounts-old-to-new-server/.
>> When some user now try to login to the domain from a xp-client following
>> message appears at every login: "Your Windows password has expired and must
>> be changed. You must change your password now!" The user can change the
>> password and everything works fine. But at next login the same story. This
>> happens only to some of the old users and to all users created after
>> migration. Any idea what could be the reason for this? I already searched a
>> lot but didn't find something like this.
>>
>> Thanks for any info.
>>
>> Regards,
>> Martin
>>
>> Dipl.- Geogr. Martin Schmidt
>>
>> Würzburg University
>> Department of Geography
>> Remote Sensing Unit
>> &
>> German Remote Sensing Data Center (DFD) at
>> German Aerospace Center (DLR) Oberpfaffenhofen
>> --------------------------------------------------------
>> Am Hubland
>> 97074 Würzburg
>> phone: +49 (931) 31-88179
>> fax:   +49 (931) 888-5544
>> eMail: martin.schmidt at uni-wuerzburg.de
>>
>>
>>
>> Here my smb.conf:
>>
>> [global]
>>    #log file = /var/log/samba.%m
>>    smb ports = 139 445
>>          #root = administrator
>>    #DOMAIN ADMINS = root, administrator
>>
>>    #----Allgemeine
>> Einstellungen--------------------------------------------------
>>    #Workgroup
>>    netbios name = XXX     #netbios aliases =  XXX
>>    server string = XXX
>>    workgroup = XXX
>>    guest account = XXX
>>
>>
>>
>> #-----Sicherheit--------------------------------------------------------------
>>    #Nur Subnetz FE zulassen
>>    hosts deny = XXX
>>    hosts allow = XXX
>>
>>    #Nur die Ethernet Karte 0 und Loopback zulassen
>>    interfaces = eth0 lo
>>    bind interfaces only = yes
>>
>>    #Unbekannt Nutzer rejecten
>>    #map to guest = Never
>>
>>    #Zugriff auf benutzerdefinierte Freigaben nicht erlauben
>>    #usershare allow guests = No
>>
>>    #Kommunikation der Clients mit Samba auf User Ebene
>>    #Passwort - Backend
>>    #passdb backend = tdbsam:/etc/samba/passdb.tdb
>>    passdb backend= smbpasswd     security = user
>>    encrypt passwords = true     smb passwd file = /etc/samba/smbpasswd
>>    passwd program = /usr/bin/smbpasswd %u
>>    unix password sync = false
>>    obey pam restrictions = yes
>>
>>    #Fuer bestimmte Nutzer gibts extra smb.conf Dateien
>>    config file = /etc/samba/smb.conf.%U
>>
>>
>>    #---- Roaming Profiles
>> -----------------------------------------------------
>>    #Antworten auf WIN98/95 Anfragen
>>    domain logons = Yes
>>    logon path = \\%L\profiles\%U
>>    logon drive = Q:
>>    #logon script = logon.cmd
>>
>>    #---- Browsing und Domain Master (PDC)
>> -------------------------------------
>>    #wins support = Yes
>>    #wins server = XXX
>>    #wins proxy = yes
>>    #PDC im Subnetz
>>    domain master = Yes
>>    local master = Yes
>>    preferred master = Yes
>>    os level = 65
>>    #client-side caching policy
>>    #csc policy = disable
>>
>>
>> #----Benutzerverwaltung-----------------------------------------------------
>>    #Hinzufuegen einer Maschine ueber die Methode Benutzername/Passwort
>>    #add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s
>> /bin/false %m$
>>
>>
>> #---Drucker----------------------------------------------------------------
>>    load printers = no
>>    printing = bsd
>>    printcap name = /dev/null
>>    disable spoolss = yes
>>
>>
>> #----Tuning-----------------------------------------------------------------
>>    socket options = TCP_NODELAY IPTOS_LOWDELAY
>>    #Zeit zur Unterbrechung der Verbindung Server-Client bei Verlust des
>> Clients
>>    deadtime = 10
>>    #getwd cache = yes
>>    #kernel oplocks = no
>>    ldap suffix =
>>    log level = 1
>>      #Sonstiger Mist
>>    #include = /etc/samba/dhcp.conf
>>    dos charset = CP850
>>    display charset = ISO8859-1
>>    unix charset = ISO8859-1
>>    #oplock break wait time = 20
>>    #oplocks = no
>>    #kernel oplocks = no
>>
>>    #---- Zeit-Server
>> ----------------------------------------------------------
>>    time server = true
>>
>> ###################################
>> # Anmeldung Freigaben #############
>> ###################################
>>
>> [homes]
>>    comment = Home Directories
>>    valid users = %S, %D%w%S
>>    browseable = No
>>    read only = No
>>    inherit acls = Yes
>>    create mask = 0664
>>    directory mask = 0775
>>
>> [profiles]
>>    comment = Network Profiles Service
>>    path = /home/samba/windowsprofiles
>>    hide files = /desktop.ini/
>>    read only = No
>>    browseable = No
>>    guest ok = Yes
>>    writable = Yes
>>    printable = No
>>    store dos attributes = Yes
>>    create mask = 0700
>>    directory mask = 0700
>>
>>   [netlogon]
>>    comment = Network Logon Service2
>>    path = /home/samba/netlogon/%g
>>    guest ok = Yes
>>    browseable = No
>>    read only = No
>>    writable = Yes
>>
>>
>> ###################################
>> # Freigaben #######################
>> ###################################
>> ...
>>
>>
>>
>>
>> Marcelo Terres schrieb:
>>
>>   Hi.
>>      
>>> I enabled policies with pdbedit. Password must be changed every 90 days
>>> and
>>> must contain at least 8 characters. I enabled password history too.
>>>
>>> After that (I tried it in samba 3.4.3 and 3.0.25 with same behaviour)
>>> every
>>> time a user try to log in the domain using Windows receives a "Your
>>> password
>>> expires today. Do you want to change it now ?" message box. If the
>>> password
>>> is changed, the message appear again next time the user try to login. If
>>> the
>>> user answers no the same thing happens in the next login.
>>>
>>> I tested it with a lot of users and changed the passwords several times
>>> and
>>> the problem continues.
>>>
>>> Anybody have some idea about this problem ?
>>>
>>> Thanks in advance.
>>>
>>> Regards,
>>>
>>> Marcelo H. Terres
>>> mhterres at gmail.com
>>> ****************************************
>>> ICQ: 6649932
>>> MSN: mhterres at hotmail.com
>>> Jabber: mhterres at jabber.org
>>> http://twitter.com/mhterres
>>> http://identi.ca/mhterres
>>> ****************************************
>>> http://mundoopensource.blogspot.com/
>>> http://www.propus.com.br
>>> Sent from Porto Alegre, RS, Brazil
>>>
>>>
>>>        
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>>

More information about the samba mailing list