[Samba] Your password expires today problem
Martin Schmidt
martin.schmidt at uni-wuerzburg.de
Fri Feb 26 02:52:31 MST 2010
hi again,
in my case it works now after setting the "maximum password age" to a
point far in future, but not to "never".
So this works:
pdbedit -P "maximum password age" -C 4294967294
but this not:
pdbedit -P "maximum password age" -C -1
I have also re-disabled the users account control property "Password
does not expire" using
pdbedit -r -c "[]" test
Unix username: test
NT username:
Account Flags: [U ]
User SID: S-1-5-21-1200361472-1041780773-253280391-2648
Primary Group SID: S-1-5-21-1200361472-1041780773-253280391-513
Full Name:
Home Directory: \\fecenter\test
HomeDir Drive: Q:
Logon Script:
Profile Path: \\fecenter\profiles\test
Domain: LSFE
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: Thu, 25 Feb 2010 10:35:29 CET
Password can change: Thu, 25 Feb 2010 10:35:29 CET
Password must change: Sun, 03 Apr 2146 18:03:43 CEST
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
I could have hit on it in a moment!
regards,
Martin
Martin Schmidt schrieb:
> hi,
> I tried pdbedit -P "maximum password age" -C -1, but with no effect.
> pdbedit -r -c "[X]" test and retyping the password via "smbpasswd
> test" had also no effect, curiously "pdbedit -v test" gives following:
>
> Unix username: test
> NT username: Account Flags: [UX ]
> User SID: S-1-5-21-1200361472-1041780773-253280391-2648
> Primary Group SID: S-1-5-21-1200361472-1041780773-253280391-513
> Full Name: Home Directory: \\fecenter\test
> HomeDir Drive: Q:
> Logon Script: Profile Path: \\fecenter\profiles\test
> Domain: LSFE
> Account desc: Workstations: Munged dial: Logon
> time: 0
> Logoff time: never
> Kickoff time: never
> Password last set: Thu, 25 Feb 2010 09:47:06 CET
> Password can change: Thu, 25 Feb 2010 09:47:06 CET
> Password must change: never
> Last bad password : 0
> Bad password count : 0
> Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>
>
> regards,
> Martin
>
>
>
> Gaiseric Vandal schrieb:
>> We had a few users with the same problem when we moved the password
>> backend from tdb to ldap. The following command seem to fix it.
>>
>> pdbedit -P "maximum password age" -C -1
>>
>>
>>
>>
>> On 02/24/2010 04:25 PM, Marcelo Terres wrote:
>>> Samba 3.0.24 doesn't have the problem, maybe because it doesn't
>>> support the
>>> policies domain account (configured with pdbedit).
>>>
>>> This feature starts in 3.0.25 and the problems with password expiration
>>> starts in the version either.
>>>
>>> Regards,
>>>
>>> Marcelo H. Terres
>>> mhterres at gmail.com
>>> ****************************************
>>> ICQ: 6649932
>>> MSN: mhterres at hotmail.com
>>> Jabber: mhterres at jabber.org
>>> http://twitter.com/mhterres
>>> http://identi.ca/mhterres
>>> ****************************************
>>> http://mundoopensource.blogspot.com/
>>> http://www.propus.com.br
>>> Sent from Porto Alegre, RS, Brazil
>>>
>>> On Wed, Feb 24, 2010 at 2:38 PM, Martin Schmidt<
>>> martin.schmidt at uni-wuerzburg.de> wrote:
>>>
>>>
>>>> Hi,
>>>>
>>>> I have a very similiar problem, but the story is an other:
>>>>
>>>> I migrated from sles 10 sp2 samba 3.0.24 to ubuntu 9.10 server
>>>> samba 3.4.3
>>>> (pdc). The user-accounts were moved following this instruction:
>>>> http://www.cyberciti.biz/faq/howto-move-migrate-user-accounts-old-to-new-server/.
>>>>
>>>> When some user now try to login to the domain from a xp-client
>>>> following
>>>> message appears at every login: "Your Windows password has expired
>>>> and must
>>>> be changed. You must change your password now!" The user can change
>>>> the
>>>> password and everything works fine. But at next login the same
>>>> story. This
>>>> happens only to some of the old users and to all users created after
>>>> migration. Any idea what could be the reason for this? I already
>>>> searched a
>>>> lot but didn't find something like this.
>>>>
>>>> Thanks for any info.
>>>>
>>>> Regards,
>>>> Martin
>>>>
>>>> Dipl.- Geogr. Martin Schmidt
>>>>
>>>> Würzburg University
>>>> Department of Geography
>>>> Remote Sensing Unit
>>>> &
>>>> German Remote Sensing Data Center (DFD) at
>>>> German Aerospace Center (DLR) Oberpfaffenhofen
>>>> --------------------------------------------------------
>>>> Am Hubland
>>>> 97074 Würzburg
>>>> phone: +49 (931) 31-88179
>>>> fax: +49 (931) 888-5544
>>>> eMail: martin.schmidt at uni-wuerzburg.de
>>>>
>>>>
>>>>
>>>> Here my smb.conf:
>>>>
>>>> [global]
>>>> #log file = /var/log/samba.%m
>>>> smb ports = 139 445
>>>> #root = administrator
>>>> #DOMAIN ADMINS = root, administrator
>>>>
>>>> #----Allgemeine
>>>> Einstellungen--------------------------------------------------
>>>> #Workgroup
>>>> netbios name = XXX #netbios aliases = XXX
>>>> server string = XXX
>>>> workgroup = XXX
>>>> guest account = XXX
>>>>
>>>>
>>>>
>>>> #-----Sicherheit--------------------------------------------------------------
>>>>
>>>> #Nur Subnetz FE zulassen
>>>> hosts deny = XXX
>>>> hosts allow = XXX
>>>>
>>>> #Nur die Ethernet Karte 0 und Loopback zulassen
>>>> interfaces = eth0 lo
>>>> bind interfaces only = yes
>>>>
>>>> #Unbekannt Nutzer rejecten
>>>> #map to guest = Never
>>>>
>>>> #Zugriff auf benutzerdefinierte Freigaben nicht erlauben
>>>> #usershare allow guests = No
>>>>
>>>> #Kommunikation der Clients mit Samba auf User Ebene
>>>> #Passwort - Backend
>>>> #passdb backend = tdbsam:/etc/samba/passdb.tdb
>>>> passdb backend= smbpasswd security = user
>>>> encrypt passwords = true smb passwd file = /etc/samba/smbpasswd
>>>> passwd program = /usr/bin/smbpasswd %u
>>>> unix password sync = false
>>>> obey pam restrictions = yes
>>>>
>>>> #Fuer bestimmte Nutzer gibts extra smb.conf Dateien
>>>> config file = /etc/samba/smb.conf.%U
>>>>
>>>>
>>>> #---- Roaming Profiles
>>>> -----------------------------------------------------
>>>> #Antworten auf WIN98/95 Anfragen
>>>> domain logons = Yes
>>>> logon path = \\%L\profiles\%U
>>>> logon drive = Q:
>>>> #logon script = logon.cmd
>>>>
>>>> #---- Browsing und Domain Master (PDC)
>>>> -------------------------------------
>>>> #wins support = Yes
>>>> #wins server = XXX
>>>> #wins proxy = yes
>>>> #PDC im Subnetz
>>>> domain master = Yes
>>>> local master = Yes
>>>> preferred master = Yes
>>>> os level = 65
>>>> #client-side caching policy
>>>> #csc policy = disable
>>>>
>>>>
>>>> #----Benutzerverwaltung-----------------------------------------------------
>>>>
>>>> #Hinzufuegen einer Maschine ueber die Methode Benutzername/Passwort
>>>> #add machine script = /usr/sbin/useradd -c Machine -d
>>>> /var/lib/nobody -s
>>>> /bin/false %m$
>>>>
>>>>
>>>> #---Drucker----------------------------------------------------------------
>>>>
>>>> load printers = no
>>>> printing = bsd
>>>> printcap name = /dev/null
>>>> disable spoolss = yes
>>>>
>>>>
>>>> #----Tuning-----------------------------------------------------------------
>>>>
>>>> socket options = TCP_NODELAY IPTOS_LOWDELAY
>>>> #Zeit zur Unterbrechung der Verbindung Server-Client bei Verlust
>>>> des
>>>> Clients
>>>> deadtime = 10
>>>> #getwd cache = yes
>>>> #kernel oplocks = no
>>>> ldap suffix =
>>>> log level = 1
>>>> #Sonstiger Mist
>>>> #include = /etc/samba/dhcp.conf
>>>> dos charset = CP850
>>>> display charset = ISO8859-1
>>>> unix charset = ISO8859-1
>>>> #oplock break wait time = 20
>>>> #oplocks = no
>>>> #kernel oplocks = no
>>>>
>>>> #---- Zeit-Server
>>>> ----------------------------------------------------------
>>>> time server = true
>>>>
>>>> ###################################
>>>> # Anmeldung Freigaben #############
>>>> ###################################
>>>>
>>>> [homes]
>>>> comment = Home Directories
>>>> valid users = %S, %D%w%S
>>>> browseable = No
>>>> read only = No
>>>> inherit acls = Yes
>>>> create mask = 0664
>>>> directory mask = 0775
>>>>
>>>> [profiles]
>>>> comment = Network Profiles Service
>>>> path = /home/samba/windowsprofiles
>>>> hide files = /desktop.ini/
>>>> read only = No
>>>> browseable = No
>>>> guest ok = Yes
>>>> writable = Yes
>>>> printable = No
>>>> store dos attributes = Yes
>>>> create mask = 0700
>>>> directory mask = 0700
>>>>
>>>> [netlogon]
>>>> comment = Network Logon Service2
>>>> path = /home/samba/netlogon/%g
>>>> guest ok = Yes
>>>> browseable = No
>>>> read only = No
>>>> writable = Yes
>>>>
>>>>
>>>> ###################################
>>>> # Freigaben #######################
>>>> ###################################
>>>> ...
>>>>
>>>>
>>>>
>>>>
>>>> Marcelo Terres schrieb:
>>>>
>>>> Hi.
>>>>
>>>>> I enabled policies with pdbedit. Password must be changed every 90
>>>>> days
>>>>> and
>>>>> must contain at least 8 characters. I enabled password history too.
>>>>>
>>>>> After that (I tried it in samba 3.4.3 and 3.0.25 with same behaviour)
>>>>> every
>>>>> time a user try to log in the domain using Windows receives a "Your
>>>>> password
>>>>> expires today. Do you want to change it now ?" message box. If the
>>>>> password
>>>>> is changed, the message appear again next time the user try to
>>>>> login. If
>>>>> the
>>>>> user answers no the same thing happens in the next login.
>>>>>
>>>>> I tested it with a lot of users and changed the passwords several
>>>>> times
>>>>> and
>>>>> the problem continues.
>>>>>
>>>>> Anybody have some idea about this problem ?
>>>>>
>>>>> Thanks in advance.
>>>>>
>>>>> Regards,
>>>>>
>>>>> Marcelo H. Terres
>>>>> mhterres at gmail.com
>>>>> ****************************************
>>>>> ICQ: 6649932
>>>>> MSN: mhterres at hotmail.com
>>>>> Jabber: mhterres at jabber.org
>>>>> http://twitter.com/mhterres
>>>>> http://identi.ca/mhterres
>>>>> ****************************************
>>>>> http://mundoopensource.blogspot.com/
>>>>> http://www.propus.com.br
>>>>> Sent from Porto Alegre, RS, Brazil
>>>>>
>>>>>
>>>>>
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>
>>>>
>>
More information about the samba
mailing list