[Samba] Your password expires today problem
Marcelo Terres
mhterres at gmail.com
Fri Feb 26 06:51:07 MST 2010
Let me understand.
On Fri, Feb 26, 2010 at 6:52 AM, Martin Schmidt <
martin.schmidt at uni-wuerzburg.de> wrote:
> hi again,
>
> in my case it works now after setting the "maximum password age" to a point
> far in future, but not to "never".
> So this works:
> pdbedit -P "maximum password age" -C 4294967294
>
This way, the message stops ?
> but this not:
>
> pdbedit -P "maximum password age" -C -1
>
> I have also re-disabled the users account control property "Password does
> not expire" using
> pdbedit -r -c "[]" test
>
> Unix username: test
> NT username: Account Flags: [U ]
>
> User SID: S-1-5-21-1200361472-1041780773-253280391-2648
> Primary Group SID: S-1-5-21-1200361472-1041780773-253280391-513
> Full Name: Home Directory: \\fecenter\test
> HomeDir Drive: Q:
> Logon Script: Profile Path: \\fecenter\profiles\test
> Domain: LSFE
> Account desc: Workstations: Munged dial: Logon time:
> 0
> Logoff time: never
> Kickoff time: never
> Password last set: Thu, 25 Feb 2010 10:35:29 CET
> Password can change: Thu, 25 Feb 2010 10:35:29 CET
> Password must change: Sun, 03 Apr 2146 18:03:43 CEST
>
> Last bad password : 0
> Bad password count : 0
> Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>
> I could have hit on it in a moment!
>
Disabling this policy the message stop too ?
Regards ,
>
> regards,
> Martin
>
>
>
>
> Martin Schmidt schrieb:
>
> hi,
>> I tried pdbedit -P "maximum password age" -C -1, but with no effect.
>> pdbedit -r -c "[X]" test and retyping the password via "smbpasswd test"
>> had also no effect, curiously "pdbedit -v test" gives following:
>>
>> Unix username: test
>> NT username: Account Flags: [UX ]
>> User SID: S-1-5-21-1200361472-1041780773-253280391-2648
>> Primary Group SID: S-1-5-21-1200361472-1041780773-253280391-513
>> Full Name: Home Directory: \\fecenter\test
>> HomeDir Drive: Q:
>> Logon Script: Profile Path: \\fecenter\profiles\test
>> Domain: LSFE
>> Account desc: Workstations: Munged dial: Logon time:
>> 0
>> Logoff time: never
>> Kickoff time: never
>> Password last set: Thu, 25 Feb 2010 09:47:06 CET
>> Password can change: Thu, 25 Feb 2010 09:47:06 CET
>> Password must change: never
>> Last bad password : 0
>> Bad password count : 0
>> Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>>
>>
>> regards,
>> Martin
>>
>>
>>
>> Gaiseric Vandal schrieb:
>>
>>> We had a few users with the same problem when we moved the password
>>> backend from tdb to ldap. The following command seem to fix it.
>>>
>>> pdbedit -P "maximum password age" -C -1
>>>
>>>
>>>
>>>
>>> On 02/24/2010 04:25 PM, Marcelo Terres wrote:
>>>
>>>> Samba 3.0.24 doesn't have the problem, maybe because it doesn't support
>>>> the
>>>> policies domain account (configured with pdbedit).
>>>>
>>>> This feature starts in 3.0.25 and the problems with password expiration
>>>> starts in the version either.
>>>>
>>>> Regards,
>>>>
>>>> Marcelo H. Terres
>>>> mhterres at gmail.com
>>>> ****************************************
>>>> ICQ: 6649932
>>>> MSN: mhterres at hotmail.com
>>>> Jabber: mhterres at jabber.org
>>>> http://twitter.com/mhterres
>>>> http://identi.ca/mhterres
>>>> ****************************************
>>>> http://mundoopensource.blogspot.com/
>>>> http://www.propus.com.br
>>>> Sent from Porto Alegre, RS, Brazil
>>>>
>>>> On Wed, Feb 24, 2010 at 2:38 PM, Martin Schmidt<
>>>> martin.schmidt at uni-wuerzburg.de> wrote:
>>>>
>>>>
>>>>
>>>>> Hi,
>>>>>
>>>>> I have a very similiar problem, but the story is an other:
>>>>>
>>>>> I migrated from sles 10 sp2 samba 3.0.24 to ubuntu 9.10 server samba
>>>>> 3.4.3
>>>>> (pdc). The user-accounts were moved following this instruction:
>>>>>
>>>>> http://www.cyberciti.biz/faq/howto-move-migrate-user-accounts-old-to-new-server/.
>>>>>
>>>>> When some user now try to login to the domain from a xp-client
>>>>> following
>>>>> message appears at every login: "Your Windows password has expired and
>>>>> must
>>>>> be changed. You must change your password now!" The user can change the
>>>>> password and everything works fine. But at next login the same story.
>>>>> This
>>>>> happens only to some of the old users and to all users created after
>>>>> migration. Any idea what could be the reason for this? I already
>>>>> searched a
>>>>> lot but didn't find something like this.
>>>>>
>>>>> Thanks for any info.
>>>>>
>>>>> Regards,
>>>>> Martin
>>>>>
>>>>> Dipl.- Geogr. Martin Schmidt
>>>>>
>>>>> Würzburg University
>>>>> Department of Geography
>>>>> Remote Sensing Unit
>>>>> &
>>>>> German Remote Sensing Data Center (DFD) at
>>>>> German Aerospace Center (DLR) Oberpfaffenhofen
>>>>> --------------------------------------------------------
>>>>> Am Hubland
>>>>> 97074 Würzburg
>>>>> phone: +49 (931) 31-88179
>>>>> fax: +49 (931) 888-5544
>>>>> eMail: martin.schmidt at uni-wuerzburg.de
>>>>>
>>>>>
>>>>>
>>>>> Here my smb.conf:
>>>>>
>>>>> [global]
>>>>> #log file = /var/log/samba.%m
>>>>> smb ports = 139 445
>>>>> #root = administrator
>>>>> #DOMAIN ADMINS = root, administrator
>>>>>
>>>>> #----Allgemeine
>>>>> Einstellungen--------------------------------------------------
>>>>> #Workgroup
>>>>> netbios name = XXX #netbios aliases = XXX
>>>>> server string = XXX
>>>>> workgroup = XXX
>>>>> guest account = XXX
>>>>>
>>>>>
>>>>>
>>>>> #-----Sicherheit--------------------------------------------------------------
>>>>>
>>>>> #Nur Subnetz FE zulassen
>>>>> hosts deny = XXX
>>>>> hosts allow = XXX
>>>>>
>>>>> #Nur die Ethernet Karte 0 und Loopback zulassen
>>>>> interfaces = eth0 lo
>>>>> bind interfaces only = yes
>>>>>
>>>>> #Unbekannt Nutzer rejecten
>>>>> #map to guest = Never
>>>>>
>>>>> #Zugriff auf benutzerdefinierte Freigaben nicht erlauben
>>>>> #usershare allow guests = No
>>>>>
>>>>> #Kommunikation der Clients mit Samba auf User Ebene
>>>>> #Passwort - Backend
>>>>> #passdb backend = tdbsam:/etc/samba/passdb.tdb
>>>>> passdb backend= smbpasswd security = user
>>>>> encrypt passwords = true smb passwd file = /etc/samba/smbpasswd
>>>>> passwd program = /usr/bin/smbpasswd %u
>>>>> unix password sync = false
>>>>> obey pam restrictions = yes
>>>>>
>>>>> #Fuer bestimmte Nutzer gibts extra smb.conf Dateien
>>>>> config file = /etc/samba/smb.conf.%U
>>>>>
>>>>>
>>>>> #---- Roaming Profiles
>>>>> -----------------------------------------------------
>>>>> #Antworten auf WIN98/95 Anfragen
>>>>> domain logons = Yes
>>>>> logon path = \\%L\profiles\%U
>>>>> logon drive = Q:
>>>>> #logon script = logon.cmd
>>>>>
>>>>> #---- Browsing und Domain Master (PDC)
>>>>> -------------------------------------
>>>>> #wins support = Yes
>>>>> #wins server = XXX
>>>>> #wins proxy = yes
>>>>> #PDC im Subnetz
>>>>> domain master = Yes
>>>>> local master = Yes
>>>>> preferred master = Yes
>>>>> os level = 65
>>>>> #client-side caching policy
>>>>> #csc policy = disable
>>>>>
>>>>>
>>>>> #----Benutzerverwaltung-----------------------------------------------------
>>>>>
>>>>> #Hinzufuegen einer Maschine ueber die Methode Benutzername/Passwort
>>>>> #add machine script = /usr/sbin/useradd -c Machine -d
>>>>> /var/lib/nobody -s
>>>>> /bin/false %m$
>>>>>
>>>>>
>>>>> #---Drucker----------------------------------------------------------------
>>>>>
>>>>> load printers = no
>>>>> printing = bsd
>>>>> printcap name = /dev/null
>>>>> disable spoolss = yes
>>>>>
>>>>>
>>>>> #----Tuning-----------------------------------------------------------------
>>>>>
>>>>> socket options = TCP_NODELAY IPTOS_LOWDELAY
>>>>> #Zeit zur Unterbrechung der Verbindung Server-Client bei Verlust des
>>>>> Clients
>>>>> deadtime = 10
>>>>> #getwd cache = yes
>>>>> #kernel oplocks = no
>>>>> ldap suffix =
>>>>> log level = 1
>>>>> #Sonstiger Mist
>>>>> #include = /etc/samba/dhcp.conf
>>>>> dos charset = CP850
>>>>> display charset = ISO8859-1
>>>>> unix charset = ISO8859-1
>>>>> #oplock break wait time = 20
>>>>> #oplocks = no
>>>>> #kernel oplocks = no
>>>>>
>>>>> #---- Zeit-Server
>>>>> ----------------------------------------------------------
>>>>> time server = true
>>>>>
>>>>> ###################################
>>>>> # Anmeldung Freigaben #############
>>>>> ###################################
>>>>>
>>>>> [homes]
>>>>> comment = Home Directories
>>>>> valid users = %S, %D%w%S
>>>>> browseable = No
>>>>> read only = No
>>>>> inherit acls = Yes
>>>>> create mask = 0664
>>>>> directory mask = 0775
>>>>>
>>>>> [profiles]
>>>>> comment = Network Profiles Service
>>>>> path = /home/samba/windowsprofiles
>>>>> hide files = /desktop.ini/
>>>>> read only = No
>>>>> browseable = No
>>>>> guest ok = Yes
>>>>> writable = Yes
>>>>> printable = No
>>>>> store dos attributes = Yes
>>>>> create mask = 0700
>>>>> directory mask = 0700
>>>>>
>>>>> [netlogon]
>>>>> comment = Network Logon Service2
>>>>> path = /home/samba/netlogon/%g
>>>>> guest ok = Yes
>>>>> browseable = No
>>>>> read only = No
>>>>> writable = Yes
>>>>>
>>>>>
>>>>> ###################################
>>>>> # Freigaben #######################
>>>>> ###################################
>>>>> ...
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Marcelo Terres schrieb:
>>>>>
>>>>> Hi.
>>>>>
>>>>>
>>>>>> I enabled policies with pdbedit. Password must be changed every 90
>>>>>> days
>>>>>> and
>>>>>> must contain at least 8 characters. I enabled password history too.
>>>>>>
>>>>>> After that (I tried it in samba 3.4.3 and 3.0.25 with same behaviour)
>>>>>> every
>>>>>> time a user try to log in the domain using Windows receives a "Your
>>>>>> password
>>>>>> expires today. Do you want to change it now ?" message box. If the
>>>>>> password
>>>>>> is changed, the message appear again next time the user try to login.
>>>>>> If
>>>>>> the
>>>>>> user answers no the same thing happens in the next login.
>>>>>>
>>>>>> I tested it with a lot of users and changed the passwords several
>>>>>> times
>>>>>> and
>>>>>> the problem continues.
>>>>>>
>>>>>> Anybody have some idea about this problem ?
>>>>>>
>>>>>> Thanks in advance.
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Marcelo H. Terres
>>>>>> mhterres at gmail.com
>>>>>> ****************************************
>>>>>> ICQ: 6649932
>>>>>> MSN: mhterres at hotmail.com
>>>>>> Jabber: mhterres at jabber.org
>>>>>> http://twitter.com/mhterres
>>>>>> http://identi.ca/mhterres
>>>>>> ****************************************
>>>>>> http://mundoopensource.blogspot.com/
>>>>>> http://www.propus.com.br
>>>>>> Sent from Porto Alegre, RS, Brazil
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>> --
>>>>> To unsubscribe from this list go to the following URL and read the
>>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>>
>>>>>
>>>>>
>>>>
>>> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
Marcelo H. Terres
mhterres at gmail.com
****************************************
ICQ: 6649932
MSN: mhterres at hotmail.com
Jabber: mhterres at jabber.org
http://twitter.com/mhterres
http://identi.ca/mhterres
****************************************
http://mundoopensource.blogspot.com/
http://www.propus.com.br
More information about the samba
mailing list