[Samba] Your password expires today problem
Gaiseric Vandal
gaiseric.vandal at gmail.com
Wed Feb 24 14:36:56 MST 2010
We had a few users with the same problem when we moved the password
backend from tdb to ldap. The following command seem to fix it.
pdbedit -P "maximum password age" -C -1
On 02/24/2010 04:25 PM, Marcelo Terres wrote:
> Samba 3.0.24 doesn't have the problem, maybe because it doesn't support the
> policies domain account (configured with pdbedit).
>
> This feature starts in 3.0.25 and the problems with password expiration
> starts in the version either.
>
> Regards,
>
> Marcelo H. Terres
> mhterres at gmail.com
> ****************************************
> ICQ: 6649932
> MSN: mhterres at hotmail.com
> Jabber: mhterres at jabber.org
> http://twitter.com/mhterres
> http://identi.ca/mhterres
> ****************************************
> http://mundoopensource.blogspot.com/
> http://www.propus.com.br
> Sent from Porto Alegre, RS, Brazil
>
> On Wed, Feb 24, 2010 at 2:38 PM, Martin Schmidt<
> martin.schmidt at uni-wuerzburg.de> wrote:
>
>
>> Hi,
>>
>> I have a very similiar problem, but the story is an other:
>>
>> I migrated from sles 10 sp2 samba 3.0.24 to ubuntu 9.10 server samba 3.4.3
>> (pdc). The user-accounts were moved following this instruction:
>> http://www.cyberciti.biz/faq/howto-move-migrate-user-accounts-old-to-new-server/.
>> When some user now try to login to the domain from a xp-client following
>> message appears at every login: "Your Windows password has expired and must
>> be changed. You must change your password now!" The user can change the
>> password and everything works fine. But at next login the same story. This
>> happens only to some of the old users and to all users created after
>> migration. Any idea what could be the reason for this? I already searched a
>> lot but didn't find something like this.
>>
>> Thanks for any info.
>>
>> Regards,
>> Martin
>>
>> Dipl.- Geogr. Martin Schmidt
>>
>> Würzburg University
>> Department of Geography
>> Remote Sensing Unit
>> &
>> German Remote Sensing Data Center (DFD) at
>> German Aerospace Center (DLR) Oberpfaffenhofen
>> --------------------------------------------------------
>> Am Hubland
>> 97074 Würzburg
>> phone: +49 (931) 31-88179
>> fax: +49 (931) 888-5544
>> eMail: martin.schmidt at uni-wuerzburg.de
>>
>>
>>
>> Here my smb.conf:
>>
>> [global]
>> #log file = /var/log/samba.%m
>> smb ports = 139 445
>> #root = administrator
>> #DOMAIN ADMINS = root, administrator
>>
>> #----Allgemeine
>> Einstellungen--------------------------------------------------
>> #Workgroup
>> netbios name = XXX #netbios aliases = XXX
>> server string = XXX
>> workgroup = XXX
>> guest account = XXX
>>
>>
>>
>> #-----Sicherheit--------------------------------------------------------------
>> #Nur Subnetz FE zulassen
>> hosts deny = XXX
>> hosts allow = XXX
>>
>> #Nur die Ethernet Karte 0 und Loopback zulassen
>> interfaces = eth0 lo
>> bind interfaces only = yes
>>
>> #Unbekannt Nutzer rejecten
>> #map to guest = Never
>>
>> #Zugriff auf benutzerdefinierte Freigaben nicht erlauben
>> #usershare allow guests = No
>>
>> #Kommunikation der Clients mit Samba auf User Ebene
>> #Passwort - Backend
>> #passdb backend = tdbsam:/etc/samba/passdb.tdb
>> passdb backend= smbpasswd security = user
>> encrypt passwords = true smb passwd file = /etc/samba/smbpasswd
>> passwd program = /usr/bin/smbpasswd %u
>> unix password sync = false
>> obey pam restrictions = yes
>>
>> #Fuer bestimmte Nutzer gibts extra smb.conf Dateien
>> config file = /etc/samba/smb.conf.%U
>>
>>
>> #---- Roaming Profiles
>> -----------------------------------------------------
>> #Antworten auf WIN98/95 Anfragen
>> domain logons = Yes
>> logon path = \\%L\profiles\%U
>> logon drive = Q:
>> #logon script = logon.cmd
>>
>> #---- Browsing und Domain Master (PDC)
>> -------------------------------------
>> #wins support = Yes
>> #wins server = XXX
>> #wins proxy = yes
>> #PDC im Subnetz
>> domain master = Yes
>> local master = Yes
>> preferred master = Yes
>> os level = 65
>> #client-side caching policy
>> #csc policy = disable
>>
>>
>> #----Benutzerverwaltung-----------------------------------------------------
>> #Hinzufuegen einer Maschine ueber die Methode Benutzername/Passwort
>> #add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s
>> /bin/false %m$
>>
>>
>> #---Drucker----------------------------------------------------------------
>> load printers = no
>> printing = bsd
>> printcap name = /dev/null
>> disable spoolss = yes
>>
>>
>> #----Tuning-----------------------------------------------------------------
>> socket options = TCP_NODELAY IPTOS_LOWDELAY
>> #Zeit zur Unterbrechung der Verbindung Server-Client bei Verlust des
>> Clients
>> deadtime = 10
>> #getwd cache = yes
>> #kernel oplocks = no
>> ldap suffix =
>> log level = 1
>> #Sonstiger Mist
>> #include = /etc/samba/dhcp.conf
>> dos charset = CP850
>> display charset = ISO8859-1
>> unix charset = ISO8859-1
>> #oplock break wait time = 20
>> #oplocks = no
>> #kernel oplocks = no
>>
>> #---- Zeit-Server
>> ----------------------------------------------------------
>> time server = true
>>
>> ###################################
>> # Anmeldung Freigaben #############
>> ###################################
>>
>> [homes]
>> comment = Home Directories
>> valid users = %S, %D%w%S
>> browseable = No
>> read only = No
>> inherit acls = Yes
>> create mask = 0664
>> directory mask = 0775
>>
>> [profiles]
>> comment = Network Profiles Service
>> path = /home/samba/windowsprofiles
>> hide files = /desktop.ini/
>> read only = No
>> browseable = No
>> guest ok = Yes
>> writable = Yes
>> printable = No
>> store dos attributes = Yes
>> create mask = 0700
>> directory mask = 0700
>>
>> [netlogon]
>> comment = Network Logon Service2
>> path = /home/samba/netlogon/%g
>> guest ok = Yes
>> browseable = No
>> read only = No
>> writable = Yes
>>
>>
>> ###################################
>> # Freigaben #######################
>> ###################################
>> ...
>>
>>
>>
>>
>> Marcelo Terres schrieb:
>>
>> Hi.
>>
>>> I enabled policies with pdbedit. Password must be changed every 90 days
>>> and
>>> must contain at least 8 characters. I enabled password history too.
>>>
>>> After that (I tried it in samba 3.4.3 and 3.0.25 with same behaviour)
>>> every
>>> time a user try to log in the domain using Windows receives a "Your
>>> password
>>> expires today. Do you want to change it now ?" message box. If the
>>> password
>>> is changed, the message appear again next time the user try to login. If
>>> the
>>> user answers no the same thing happens in the next login.
>>>
>>> I tested it with a lot of users and changed the passwords several times
>>> and
>>> the problem continues.
>>>
>>> Anybody have some idea about this problem ?
>>>
>>> Thanks in advance.
>>>
>>> Regards,
>>>
>>> Marcelo H. Terres
>>> mhterres at gmail.com
>>> ****************************************
>>> ICQ: 6649932
>>> MSN: mhterres at hotmail.com
>>> Jabber: mhterres at jabber.org
>>> http://twitter.com/mhterres
>>> http://identi.ca/mhterres
>>> ****************************************
>>> http://mundoopensource.blogspot.com/
>>> http://www.propus.com.br
>>> Sent from Porto Alegre, RS, Brazil
>>>
>>>
>>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>>
More information about the samba
mailing list