[Samba] Your password expires today problem

Martin Schmidt martin.schmidt at uni-wuerzburg.de
Thu Feb 25 03:14:16 MST 2010 

hi,
I tried pdbedit -P "maximum password age" -C -1, but with no effect.
pdbedit -r -c "[X]" test and retyping the password via "smbpasswd test" 
had also no effect, curiously "pdbedit -v test" gives following:

Unix username:        test
NT username:         
Account Flags:        [UX         ]
User SID:             S-1-5-21-1200361472-1041780773-253280391-2648
Primary Group SID:    S-1-5-21-1200361472-1041780773-253280391-513
Full Name:           
Home Directory:       \\fecenter\test
HomeDir Drive:        Q:
Logon Script:        
Profile Path:         \\fecenter\profiles\test
Domain:               LSFE
Account desc:        
Workstations:        
Munged dial:         
Logon time:           0
Logoff time:          never
Kickoff time:         never
Password last set:    Thu, 25 Feb 2010 09:47:06 CET
Password can change:  Thu, 25 Feb 2010 09:47:06 CET
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF


regards,
Martin



Gaiseric Vandal schrieb:
> We had a few users with the same problem when we moved the password 
> backend from tdb to ldap.    The following command seem to fix it.
>
>       pdbedit -P "maximum password age" -C -1
>
>
>
>
> On 02/24/2010 04:25 PM, Marcelo Terres wrote:
>> Samba 3.0.24 doesn't have the problem, maybe because it doesn't 
>> support the
>> policies domain account (configured with pdbedit).
>>
>> This feature starts in 3.0.25 and the problems with password expiration
>> starts in the version either.
>>
>> Regards,
>>
>> Marcelo H. Terres
>> mhterres at gmail.com
>> ****************************************
>> ICQ: 6649932
>> MSN: mhterres at hotmail.com
>> Jabber: mhterres at jabber.org
>> http://twitter.com/mhterres
>> http://identi.ca/mhterres
>> ****************************************
>> http://mundoopensource.blogspot.com/
>> http://www.propus.com.br
>> Sent from Porto Alegre, RS, Brazil
>>
>> On Wed, Feb 24, 2010 at 2:38 PM, Martin Schmidt<
>> martin.schmidt at uni-wuerzburg.de>  wrote:
>>
>>   
>>> Hi,
>>>
>>> I have a very similiar problem, but the story is an other:
>>>
>>> I migrated from sles 10 sp2 samba 3.0.24 to ubuntu 9.10 server samba 
>>> 3.4.3
>>> (pdc). The user-accounts were moved following this instruction:
>>> http://www.cyberciti.biz/faq/howto-move-migrate-user-accounts-old-to-new-server/. 
>>>
>>> When some user now try to login to the domain from a xp-client 
>>> following
>>> message appears at every login: "Your Windows password has expired 
>>> and must
>>> be changed. You must change your password now!" The user can change the
>>> password and everything works fine. But at next login the same 
>>> story. This
>>> happens only to some of the old users and to all users created after
>>> migration. Any idea what could be the reason for this? I already 
>>> searched a
>>> lot but didn't find something like this.
>>>
>>> Thanks for any info.
>>>
>>> Regards,
>>> Martin
>>>
>>> Dipl.- Geogr. Martin Schmidt
>>>
>>> Würzburg University
>>> Department of Geography
>>> Remote Sensing Unit
>>> &
>>> German Remote Sensing Data Center (DFD) at
>>> German Aerospace Center (DLR) Oberpfaffenhofen
>>> --------------------------------------------------------
>>> Am Hubland
>>> 97074 Würzburg
>>> phone: +49 (931) 31-88179
>>> fax:   +49 (931) 888-5544
>>> eMail: martin.schmidt at uni-wuerzburg.de
>>>
>>>
>>>
>>> Here my smb.conf:
>>>
>>> [global]
>>>    #log file = /var/log/samba.%m
>>>    smb ports = 139 445
>>>          #root = administrator
>>>    #DOMAIN ADMINS = root, administrator
>>>
>>>    #----Allgemeine
>>> Einstellungen--------------------------------------------------
>>>    #Workgroup
>>>    netbios name = XXX     #netbios aliases =  XXX
>>>    server string = XXX
>>>    workgroup = XXX
>>>    guest account = XXX
>>>
>>>
>>>
>>> #-----Sicherheit-------------------------------------------------------------- 
>>>
>>>    #Nur Subnetz FE zulassen
>>>    hosts deny = XXX
>>>    hosts allow = XXX
>>>
>>>    #Nur die Ethernet Karte 0 und Loopback zulassen
>>>    interfaces = eth0 lo
>>>    bind interfaces only = yes
>>>
>>>    #Unbekannt Nutzer rejecten
>>>    #map to guest = Never
>>>
>>>    #Zugriff auf benutzerdefinierte Freigaben nicht erlauben
>>>    #usershare allow guests = No
>>>
>>>    #Kommunikation der Clients mit Samba auf User Ebene
>>>    #Passwort - Backend
>>>    #passdb backend = tdbsam:/etc/samba/passdb.tdb
>>>    passdb backend= smbpasswd     security = user
>>>    encrypt passwords = true     smb passwd file = /etc/samba/smbpasswd
>>>    passwd program = /usr/bin/smbpasswd %u
>>>    unix password sync = false
>>>    obey pam restrictions = yes
>>>
>>>    #Fuer bestimmte Nutzer gibts extra smb.conf Dateien
>>>    config file = /etc/samba/smb.conf.%U
>>>
>>>
>>>    #---- Roaming Profiles
>>> -----------------------------------------------------
>>>    #Antworten auf WIN98/95 Anfragen
>>>    domain logons = Yes
>>>    logon path = \\%L\profiles\%U
>>>    logon drive = Q:
>>>    #logon script = logon.cmd
>>>
>>>    #---- Browsing und Domain Master (PDC)
>>> -------------------------------------
>>>    #wins support = Yes
>>>    #wins server = XXX
>>>    #wins proxy = yes
>>>    #PDC im Subnetz
>>>    domain master = Yes
>>>    local master = Yes
>>>    preferred master = Yes
>>>    os level = 65
>>>    #client-side caching policy
>>>    #csc policy = disable
>>>
>>>
>>> #----Benutzerverwaltung----------------------------------------------------- 
>>>
>>>    #Hinzufuegen einer Maschine ueber die Methode Benutzername/Passwort
>>>    #add machine script = /usr/sbin/useradd  -c Machine -d 
>>> /var/lib/nobody -s
>>> /bin/false %m$
>>>
>>>
>>> #---Drucker---------------------------------------------------------------- 
>>>
>>>    load printers = no
>>>    printing = bsd
>>>    printcap name = /dev/null
>>>    disable spoolss = yes
>>>
>>>
>>> #----Tuning----------------------------------------------------------------- 
>>>
>>>    socket options = TCP_NODELAY IPTOS_LOWDELAY
>>>    #Zeit zur Unterbrechung der Verbindung Server-Client bei Verlust des
>>> Clients
>>>    deadtime = 10
>>>    #getwd cache = yes
>>>    #kernel oplocks = no
>>>    ldap suffix =
>>>    log level = 1
>>>      #Sonstiger Mist
>>>    #include = /etc/samba/dhcp.conf
>>>    dos charset = CP850
>>>    display charset = ISO8859-1
>>>    unix charset = ISO8859-1
>>>    #oplock break wait time = 20
>>>    #oplocks = no
>>>    #kernel oplocks = no
>>>
>>>    #---- Zeit-Server
>>> ----------------------------------------------------------
>>>    time server = true
>>>
>>> ###################################
>>> # Anmeldung Freigaben #############
>>> ###################################
>>>
>>> [homes]
>>>    comment = Home Directories
>>>    valid users = %S, %D%w%S
>>>    browseable = No
>>>    read only = No
>>>    inherit acls = Yes
>>>    create mask = 0664
>>>    directory mask = 0775
>>>
>>> [profiles]
>>>    comment = Network Profiles Service
>>>    path = /home/samba/windowsprofiles
>>>    hide files = /desktop.ini/
>>>    read only = No
>>>    browseable = No
>>>    guest ok = Yes
>>>    writable = Yes
>>>    printable = No
>>>    store dos attributes = Yes
>>>    create mask = 0700
>>>    directory mask = 0700
>>>
>>>   [netlogon]
>>>    comment = Network Logon Service2
>>>    path = /home/samba/netlogon/%g
>>>    guest ok = Yes
>>>    browseable = No
>>>    read only = No
>>>    writable = Yes
>>>
>>>
>>> ###################################
>>> # Freigaben #######################
>>> ###################################
>>> ...
>>>
>>>
>>>
>>>
>>> Marcelo Terres schrieb:
>>>
>>>   Hi.
>>>     
>>>> I enabled policies with pdbedit. Password must be changed every 90 
>>>> days
>>>> and
>>>> must contain at least 8 characters. I enabled password history too.
>>>>
>>>> After that (I tried it in samba 3.4.3 and 3.0.25 with same behaviour)
>>>> every
>>>> time a user try to log in the domain using Windows receives a "Your
>>>> password
>>>> expires today. Do you want to change it now ?" message box. If the
>>>> password
>>>> is changed, the message appear again next time the user try to 
>>>> login. If
>>>> the
>>>> user answers no the same thing happens in the next login.
>>>>
>>>> I tested it with a lot of users and changed the passwords several 
>>>> times
>>>> and
>>>> the problem continues.
>>>>
>>>> Anybody have some idea about this problem ?
>>>>
>>>> Thanks in advance.
>>>>
>>>> Regards,
>>>>
>>>> Marcelo H. Terres
>>>> mhterres at gmail.com
>>>> ****************************************
>>>> ICQ: 6649932
>>>> MSN: mhterres at hotmail.com
>>>> Jabber: mhterres at jabber.org
>>>> http://twitter.com/mhterres
>>>> http://identi.ca/mhterres
>>>> ****************************************
>>>> http://mundoopensource.blogspot.com/
>>>> http://www.propus.com.br
>>>> Sent from Porto Alegre, RS, Brazil
>>>>
>>>>
>>>>        
>>> -- 
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>>      
>

More information about the samba mailing list