[Samba] Your password expires today problem

Marcelo Terres mhterres at gmail.com
Thu Feb 25 09:09:16 MST 2010 

In out case, we need to set the maximum password age.

Regards,

Marcelo H. Terres
mhterres at gmail.com
****************************************
ICQ: 6649932
MSN: mhterres at hotmail.com
Jabber: mhterres at jabber.org
http://twitter.com/mhterres
http://identi.ca/mhterres
****************************************
http://mundoopensource.blogspot.com/
http://www.propus.com.br


On Wed, Feb 24, 2010 at 6:36 PM, Gaiseric Vandal
<gaiseric.vandal at gmail.com>wrote:

> We had a few users with the same problem when we moved the password backend
> from tdb to ldap.    The following command seem to fix it.
>
>      pdbedit -P "maximum password age" -C -1
>
>
>
>
>
> On 02/24/2010 04:25 PM, Marcelo Terres wrote:
>
>> Samba 3.0.24 doesn't have the problem, maybe because it doesn't support
>> the
>> policies domain account (configured with pdbedit).
>>
>> This feature starts in 3.0.25 and the problems with password expiration
>> starts in the version either.
>>
>> Regards,
>>
>> Marcelo H. Terres
>> mhterres at gmail.com
>> ****************************************
>> ICQ: 6649932
>> MSN: mhterres at hotmail.com
>> Jabber: mhterres at jabber.org
>> http://twitter.com/mhterres
>> http://identi.ca/mhterres
>> ****************************************
>> http://mundoopensource.blogspot.com/
>> http://www.propus.com.br
>> Sent from Porto Alegre, RS, Brazil
>>
>> On Wed, Feb 24, 2010 at 2:38 PM, Martin Schmidt<
>> martin.schmidt at uni-wuerzburg.de>  wrote:
>>
>>
>>
>>> Hi,
>>>
>>> I have a very similiar problem, but the story is an other:
>>>
>>> I migrated from sles 10 sp2 samba 3.0.24 to ubuntu 9.10 server samba
>>> 3.4.3
>>> (pdc). The user-accounts were moved following this instruction:
>>>
>>> http://www.cyberciti.biz/faq/howto-move-migrate-user-accounts-old-to-new-server/
>>> .
>>> When some user now try to login to the domain from a xp-client following
>>> message appears at every login: "Your Windows password has expired and
>>> must
>>> be changed. You must change your password now!" The user can change the
>>> password and everything works fine. But at next login the same story.
>>> This
>>> happens only to some of the old users and to all users created after
>>> migration. Any idea what could be the reason for this? I already searched
>>> a
>>> lot but didn't find something like this.
>>>
>>> Thanks for any info.
>>>
>>> Regards,
>>> Martin
>>>
>>> Dipl.- Geogr. Martin Schmidt
>>>
>>> Würzburg University
>>> Department of Geography
>>> Remote Sensing Unit
>>> &
>>> German Remote Sensing Data Center (DFD) at
>>> German Aerospace Center (DLR) Oberpfaffenhofen
>>> --------------------------------------------------------
>>> Am Hubland
>>> 97074 Würzburg
>>> phone: +49 (931) 31-88179
>>> fax:   +49 (931) 888-5544
>>> eMail: martin.schmidt at uni-wuerzburg.de
>>>
>>>
>>>
>>> Here my smb.conf:
>>>
>>> [global]
>>>   #log file = /var/log/samba.%m
>>>   smb ports = 139 445
>>>         #root = administrator
>>>   #DOMAIN ADMINS = root, administrator
>>>
>>>   #----Allgemeine
>>> Einstellungen--------------------------------------------------
>>>   #Workgroup
>>>   netbios name = XXX     #netbios aliases =  XXX
>>>   server string = XXX
>>>   workgroup = XXX
>>>   guest account = XXX
>>>
>>>
>>>
>>>
>>> #-----Sicherheit--------------------------------------------------------------
>>>   #Nur Subnetz FE zulassen
>>>   hosts deny = XXX
>>>   hosts allow = XXX
>>>
>>>   #Nur die Ethernet Karte 0 und Loopback zulassen
>>>   interfaces = eth0 lo
>>>   bind interfaces only = yes
>>>
>>>   #Unbekannt Nutzer rejecten
>>>   #map to guest = Never
>>>
>>>   #Zugriff auf benutzerdefinierte Freigaben nicht erlauben
>>>   #usershare allow guests = No
>>>
>>>   #Kommunikation der Clients mit Samba auf User Ebene
>>>   #Passwort - Backend
>>>   #passdb backend = tdbsam:/etc/samba/passdb.tdb
>>>   passdb backend= smbpasswd     security = user
>>>   encrypt passwords = true     smb passwd file = /etc/samba/smbpasswd
>>>   passwd program = /usr/bin/smbpasswd %u
>>>   unix password sync = false
>>>   obey pam restrictions = yes
>>>
>>>   #Fuer bestimmte Nutzer gibts extra smb.conf Dateien
>>>   config file = /etc/samba/smb.conf.%U
>>>
>>>
>>>   #---- Roaming Profiles
>>> -----------------------------------------------------
>>>   #Antworten auf WIN98/95 Anfragen
>>>   domain logons = Yes
>>>   logon path = \\%L\profiles\%U
>>>   logon drive = Q:
>>>   #logon script = logon.cmd
>>>
>>>   #---- Browsing und Domain Master (PDC)
>>> -------------------------------------
>>>   #wins support = Yes
>>>   #wins server = XXX
>>>   #wins proxy = yes
>>>   #PDC im Subnetz
>>>   domain master = Yes
>>>   local master = Yes
>>>   preferred master = Yes
>>>   os level = 65
>>>   #client-side caching policy
>>>   #csc policy = disable
>>>
>>>
>>>
>>> #----Benutzerverwaltung-----------------------------------------------------
>>>   #Hinzufuegen einer Maschine ueber die Methode Benutzername/Passwort
>>>   #add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody
>>> -s
>>> /bin/false %m$
>>>
>>>
>>>
>>> #---Drucker----------------------------------------------------------------
>>>   load printers = no
>>>   printing = bsd
>>>   printcap name = /dev/null
>>>   disable spoolss = yes
>>>
>>>
>>>
>>> #----Tuning-----------------------------------------------------------------
>>>   socket options = TCP_NODELAY IPTOS_LOWDELAY
>>>   #Zeit zur Unterbrechung der Verbindung Server-Client bei Verlust des
>>> Clients
>>>   deadtime = 10
>>>   #getwd cache = yes
>>>   #kernel oplocks = no
>>>   ldap suffix =
>>>   log level = 1
>>>     #Sonstiger Mist
>>>   #include = /etc/samba/dhcp.conf
>>>   dos charset = CP850
>>>   display charset = ISO8859-1
>>>   unix charset = ISO8859-1
>>>   #oplock break wait time = 20
>>>   #oplocks = no
>>>   #kernel oplocks = no
>>>
>>>   #---- Zeit-Server
>>> ----------------------------------------------------------
>>>   time server = true
>>>
>>> ###################################
>>> # Anmeldung Freigaben #############
>>> ###################################
>>>
>>> [homes]
>>>   comment = Home Directories
>>>   valid users = %S, %D%w%S
>>>   browseable = No
>>>   read only = No
>>>   inherit acls = Yes
>>>   create mask = 0664
>>>   directory mask = 0775
>>>
>>> [profiles]
>>>   comment = Network Profiles Service
>>>   path = /home/samba/windowsprofiles
>>>   hide files = /desktop.ini/
>>>   read only = No
>>>   browseable = No
>>>   guest ok = Yes
>>>   writable = Yes
>>>   printable = No
>>>   store dos attributes = Yes
>>>   create mask = 0700
>>>   directory mask = 0700
>>>
>>>  [netlogon]
>>>   comment = Network Logon Service2
>>>   path = /home/samba/netlogon/%g
>>>   guest ok = Yes
>>>   browseable = No
>>>   read only = No
>>>   writable = Yes
>>>
>>>
>>> ###################################
>>> # Freigaben #######################
>>> ###################################
>>> ...
>>>
>>>
>>>
>>>
>>> Marcelo Terres schrieb:
>>>
>>>  Hi.
>>>
>>>
>>>> I enabled policies with pdbedit. Password must be changed every 90 days
>>>> and
>>>> must contain at least 8 characters. I enabled password history too.
>>>>
>>>> After that (I tried it in samba 3.4.3 and 3.0.25 with same behaviour)
>>>> every
>>>> time a user try to log in the domain using Windows receives a "Your
>>>> password
>>>> expires today. Do you want to change it now ?" message box. If the
>>>> password
>>>> is changed, the message appear again next time the user try to login. If
>>>> the
>>>> user answers no the same thing happens in the next login.
>>>>
>>>> I tested it with a lot of users and changed the passwords several times
>>>> and
>>>> the problem continues.
>>>>
>>>> Anybody have some idea about this problem ?
>>>>
>>>> Thanks in advance.
>>>>
>>>> Regards,
>>>>
>>>> Marcelo H. Terres
>>>> mhterres at gmail.com
>>>> ****************************************
>>>> ICQ: 6649932
>>>> MSN: mhterres at hotmail.com
>>>> Jabber: mhterres at jabber.org
>>>> http://twitter.com/mhterres
>>>> http://identi.ca/mhterres
>>>> ****************************************
>>>> http://mundoopensource.blogspot.com/
>>>> http://www.propus.com.br
>>>> Sent from Porto Alegre, RS, Brazil
>>>>
>>>>
>>>>
>>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>>
>>>
>>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list