[Samba] Your password expires today problem

Marcelo Terres mhterres at gmail.com
Fri Feb 26 06:51:07 MST 2010 

Let me understand.



On Fri, Feb 26, 2010 at 6:52 AM, Martin Schmidt <
martin.schmidt at uni-wuerzburg.de> wrote:

> hi again,
>
> in my case it works now after setting the "maximum password age" to a point
> far in future, but not to "never".
> So this works:
> pdbedit -P "maximum password age" -C 4294967294
>

This way, the message stops ?


> but this not:
>
> pdbedit -P "maximum password age" -C -1
>
> I have also re-disabled the users account control property "Password does
> not expire" using
> pdbedit -r -c "[]" test
>
> Unix username:        test
> NT username:         Account Flags:        [U          ]
>
> User SID:             S-1-5-21-1200361472-1041780773-253280391-2648
> Primary Group SID:    S-1-5-21-1200361472-1041780773-253280391-513
> Full Name:           Home Directory:       \\fecenter\test
> HomeDir Drive:        Q:
> Logon Script:        Profile Path:         \\fecenter\profiles\test
> Domain:               LSFE
> Account desc:        Workstations:        Munged dial:         Logon time:
>           0
> Logoff time:          never
> Kickoff time:         never
> Password last set:    Thu, 25 Feb 2010 10:35:29 CET
> Password can change:  Thu, 25 Feb 2010 10:35:29 CET
> Password must change: Sun, 03 Apr 2146 18:03:43 CEST
>
> Last bad password   : 0
> Bad password count  : 0
> Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>
> I could have hit on it in a moment!
>

Disabling this policy the message stop too ?

Regards ,


>
> regards,
> Martin
>
>
>
>
> Martin Schmidt schrieb:
>
>  hi,
>> I tried pdbedit -P "maximum password age" -C -1, but with no effect.
>> pdbedit -r -c "[X]" test and retyping the password via "smbpasswd test"
>> had also no effect, curiously "pdbedit -v test" gives following:
>>
>> Unix username:        test
>> NT username:         Account Flags:        [UX         ]
>> User SID:             S-1-5-21-1200361472-1041780773-253280391-2648
>> Primary Group SID:    S-1-5-21-1200361472-1041780773-253280391-513
>> Full Name:           Home Directory:       \\fecenter\test
>> HomeDir Drive:        Q:
>> Logon Script:        Profile Path:         \\fecenter\profiles\test
>> Domain:               LSFE
>> Account desc:        Workstations:        Munged dial:         Logon time:
>>           0
>> Logoff time:          never
>> Kickoff time:         never
>> Password last set:    Thu, 25 Feb 2010 09:47:06 CET
>> Password can change:  Thu, 25 Feb 2010 09:47:06 CET
>> Password must change: never
>> Last bad password   : 0
>> Bad password count  : 0
>> Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>>
>>
>> regards,
>> Martin
>>
>>
>>
>> Gaiseric Vandal schrieb:
>>
>>> We had a few users with the same problem when we moved the password
>>> backend from tdb to ldap.    The following command seem to fix it.
>>>
>>>      pdbedit -P "maximum password age" -C -1
>>>
>>>
>>>
>>>
>>> On 02/24/2010 04:25 PM, Marcelo Terres wrote:
>>>
>>>> Samba 3.0.24 doesn't have the problem, maybe because it doesn't support
>>>> the
>>>> policies domain account (configured with pdbedit).
>>>>
>>>> This feature starts in 3.0.25 and the problems with password expiration
>>>> starts in the version either.
>>>>
>>>> Regards,
>>>>
>>>> Marcelo H. Terres
>>>> mhterres at gmail.com
>>>> ****************************************
>>>> ICQ: 6649932
>>>> MSN: mhterres at hotmail.com
>>>> Jabber: mhterres at jabber.org
>>>> http://twitter.com/mhterres
>>>> http://identi.ca/mhterres
>>>> ****************************************
>>>> http://mundoopensource.blogspot.com/
>>>> http://www.propus.com.br
>>>> Sent from Porto Alegre, RS, Brazil
>>>>
>>>> On Wed, Feb 24, 2010 at 2:38 PM, Martin Schmidt<
>>>> martin.schmidt at uni-wuerzburg.de>  wrote:
>>>>
>>>>
>>>>
>>>>> Hi,
>>>>>
>>>>> I have a very similiar problem, but the story is an other:
>>>>>
>>>>> I migrated from sles 10 sp2 samba 3.0.24 to ubuntu 9.10 server samba
>>>>> 3.4.3
>>>>> (pdc). The user-accounts were moved following this instruction:
>>>>>
>>>>> http://www.cyberciti.biz/faq/howto-move-migrate-user-accounts-old-to-new-server/.
>>>>>
>>>>> When some user now try to login to the domain from a xp-client
>>>>> following
>>>>> message appears at every login: "Your Windows password has expired and
>>>>> must
>>>>> be changed. You must change your password now!" The user can change the
>>>>> password and everything works fine. But at next login the same story.
>>>>> This
>>>>> happens only to some of the old users and to all users created after
>>>>> migration. Any idea what could be the reason for this? I already
>>>>> searched a
>>>>> lot but didn't find something like this.
>>>>>
>>>>> Thanks for any info.
>>>>>
>>>>> Regards,
>>>>> Martin
>>>>>
>>>>> Dipl.- Geogr. Martin Schmidt
>>>>>
>>>>> Würzburg University
>>>>> Department of Geography
>>>>> Remote Sensing Unit
>>>>> &
>>>>> German Remote Sensing Data Center (DFD) at
>>>>> German Aerospace Center (DLR) Oberpfaffenhofen
>>>>> --------------------------------------------------------
>>>>> Am Hubland
>>>>> 97074 Würzburg
>>>>> phone: +49 (931) 31-88179
>>>>> fax:   +49 (931) 888-5544
>>>>> eMail: martin.schmidt at uni-wuerzburg.de
>>>>>
>>>>>
>>>>>
>>>>> Here my smb.conf:
>>>>>
>>>>> [global]
>>>>>   #log file = /var/log/samba.%m
>>>>>   smb ports = 139 445
>>>>>         #root = administrator
>>>>>   #DOMAIN ADMINS = root, administrator
>>>>>
>>>>>   #----Allgemeine
>>>>> Einstellungen--------------------------------------------------
>>>>>   #Workgroup
>>>>>   netbios name = XXX     #netbios aliases =  XXX
>>>>>   server string = XXX
>>>>>   workgroup = XXX
>>>>>   guest account = XXX
>>>>>
>>>>>
>>>>>
>>>>> #-----Sicherheit--------------------------------------------------------------
>>>>>
>>>>>   #Nur Subnetz FE zulassen
>>>>>   hosts deny = XXX
>>>>>   hosts allow = XXX
>>>>>
>>>>>   #Nur die Ethernet Karte 0 und Loopback zulassen
>>>>>   interfaces = eth0 lo
>>>>>   bind interfaces only = yes
>>>>>
>>>>>   #Unbekannt Nutzer rejecten
>>>>>   #map to guest = Never
>>>>>
>>>>>   #Zugriff auf benutzerdefinierte Freigaben nicht erlauben
>>>>>   #usershare allow guests = No
>>>>>
>>>>>   #Kommunikation der Clients mit Samba auf User Ebene
>>>>>   #Passwort - Backend
>>>>>   #passdb backend = tdbsam:/etc/samba/passdb.tdb
>>>>>   passdb backend= smbpasswd     security = user
>>>>>   encrypt passwords = true     smb passwd file = /etc/samba/smbpasswd
>>>>>   passwd program = /usr/bin/smbpasswd %u
>>>>>   unix password sync = false
>>>>>   obey pam restrictions = yes
>>>>>
>>>>>   #Fuer bestimmte Nutzer gibts extra smb.conf Dateien
>>>>>   config file = /etc/samba/smb.conf.%U
>>>>>
>>>>>
>>>>>   #---- Roaming Profiles
>>>>> -----------------------------------------------------
>>>>>   #Antworten auf WIN98/95 Anfragen
>>>>>   domain logons = Yes
>>>>>   logon path = \\%L\profiles\%U
>>>>>   logon drive = Q:
>>>>>   #logon script = logon.cmd
>>>>>
>>>>>   #---- Browsing und Domain Master (PDC)
>>>>> -------------------------------------
>>>>>   #wins support = Yes
>>>>>   #wins server = XXX
>>>>>   #wins proxy = yes
>>>>>   #PDC im Subnetz
>>>>>   domain master = Yes
>>>>>   local master = Yes
>>>>>   preferred master = Yes
>>>>>   os level = 65
>>>>>   #client-side caching policy
>>>>>   #csc policy = disable
>>>>>
>>>>>
>>>>> #----Benutzerverwaltung-----------------------------------------------------
>>>>>
>>>>>   #Hinzufuegen einer Maschine ueber die Methode Benutzername/Passwort
>>>>>   #add machine script = /usr/sbin/useradd  -c Machine -d
>>>>> /var/lib/nobody -s
>>>>> /bin/false %m$
>>>>>
>>>>>
>>>>> #---Drucker----------------------------------------------------------------
>>>>>
>>>>>   load printers = no
>>>>>   printing = bsd
>>>>>   printcap name = /dev/null
>>>>>   disable spoolss = yes
>>>>>
>>>>>
>>>>> #----Tuning-----------------------------------------------------------------
>>>>>
>>>>>   socket options = TCP_NODELAY IPTOS_LOWDELAY
>>>>>   #Zeit zur Unterbrechung der Verbindung Server-Client bei Verlust des
>>>>> Clients
>>>>>   deadtime = 10
>>>>>   #getwd cache = yes
>>>>>   #kernel oplocks = no
>>>>>   ldap suffix =
>>>>>   log level = 1
>>>>>     #Sonstiger Mist
>>>>>   #include = /etc/samba/dhcp.conf
>>>>>   dos charset = CP850
>>>>>   display charset = ISO8859-1
>>>>>   unix charset = ISO8859-1
>>>>>   #oplock break wait time = 20
>>>>>   #oplocks = no
>>>>>   #kernel oplocks = no
>>>>>
>>>>>   #---- Zeit-Server
>>>>> ----------------------------------------------------------
>>>>>   time server = true
>>>>>
>>>>> ###################################
>>>>> # Anmeldung Freigaben #############
>>>>> ###################################
>>>>>
>>>>> [homes]
>>>>>   comment = Home Directories
>>>>>   valid users = %S, %D%w%S
>>>>>   browseable = No
>>>>>   read only = No
>>>>>   inherit acls = Yes
>>>>>   create mask = 0664
>>>>>   directory mask = 0775
>>>>>
>>>>> [profiles]
>>>>>   comment = Network Profiles Service
>>>>>   path = /home/samba/windowsprofiles
>>>>>   hide files = /desktop.ini/
>>>>>   read only = No
>>>>>   browseable = No
>>>>>   guest ok = Yes
>>>>>   writable = Yes
>>>>>   printable = No
>>>>>   store dos attributes = Yes
>>>>>   create mask = 0700
>>>>>   directory mask = 0700
>>>>>
>>>>>  [netlogon]
>>>>>   comment = Network Logon Service2
>>>>>   path = /home/samba/netlogon/%g
>>>>>   guest ok = Yes
>>>>>   browseable = No
>>>>>   read only = No
>>>>>   writable = Yes
>>>>>
>>>>>
>>>>> ###################################
>>>>> # Freigaben #######################
>>>>> ###################################
>>>>> ...
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Marcelo Terres schrieb:
>>>>>
>>>>>  Hi.
>>>>>
>>>>>
>>>>>> I enabled policies with pdbedit. Password must be changed every 90
>>>>>> days
>>>>>> and
>>>>>> must contain at least 8 characters. I enabled password history too.
>>>>>>
>>>>>> After that (I tried it in samba 3.4.3 and 3.0.25 with same behaviour)
>>>>>> every
>>>>>> time a user try to log in the domain using Windows receives a "Your
>>>>>> password
>>>>>> expires today. Do you want to change it now ?" message box. If the
>>>>>> password
>>>>>> is changed, the message appear again next time the user try to login.
>>>>>> If
>>>>>> the
>>>>>> user answers no the same thing happens in the next login.
>>>>>>
>>>>>> I tested it with a lot of users and changed the passwords several
>>>>>> times
>>>>>> and
>>>>>> the problem continues.
>>>>>>
>>>>>> Anybody have some idea about this problem ?
>>>>>>
>>>>>> Thanks in advance.
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Marcelo H. Terres
>>>>>> mhterres at gmail.com
>>>>>> ****************************************
>>>>>> ICQ: 6649932
>>>>>> MSN: mhterres at hotmail.com
>>>>>> Jabber: mhterres at jabber.org
>>>>>> http://twitter.com/mhterres
>>>>>> http://identi.ca/mhterres
>>>>>> ****************************************
>>>>>> http://mundoopensource.blogspot.com/
>>>>>> http://www.propus.com.br
>>>>>> Sent from Porto Alegre, RS, Brazil
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>> --
>>>>> To unsubscribe from this list go to the following URL and read the
>>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>>
>>>>>
>>>>>
>>>>
>>>  --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>




Marcelo H. Terres
mhterres at gmail.com
****************************************
ICQ: 6649932
MSN: mhterres at hotmail.com
Jabber: mhterres at jabber.org
http://twitter.com/mhterres
http://identi.ca/mhterres
****************************************
http://mundoopensource.blogspot.com/
http://www.propus.com.br

More information about the samba mailing list