[Samba] Changing password on unix client joined to AD

Lorenzo Milesi lorenzo.milesi at yetopen.it
Tue Jul 27 07:14:10 MDT 2010


I've set up a Samba PDC on Debian, working fine with XP Clients. 

I'm now trying to have a linux client join the domain. I managed to do that, but I cannot handle password expiration. When the domain pass is expired, in GDM I see a message "Your password is expired" but the user can log in anyway. 

I used the following guide to configure my Linux client, which is an Ubuntu 10.04:

Configured PAM using pam-auth-update.
common-auth is:
auth    [success=2 default=ignore]      pam_unix.so nullok_secure
auth    [success=1 default=ignore]      pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login use_first_pass

password        [success=2 default=ignore]      pam_unix.so obscure sha512
password        [success=1 default=ignore]      pam_winbind.so use_authtok use_first_pass

passwd: files winbind
group: files winbind
shadow: files winbind
hosts:          files dns

What should I change?
Lorenzo Milesi - lorenzo.milesi at yetopen.it

YetOpen S.r.l. - http://www.yetopen.it/
Via Torri Tarelli 19 - 23900 Lecco - ITALY -
Tel 0341 220 205 - Fax 178 6070 222

GPG/PGP Key-Id: 0xE704E230 - http://keyserver.linux.it

-------- D.Lgs. 196/2003 --------

Si avverte che tutte le informazioni contenute in questo messaggio sono
riservate ed a uso esclusivo del destinatario. Nel caso in cui questo
messaggio Le fosse pervenuto per errore, La invitiamo ad eliminarlo
senza copiarlo, a non inoltrarlo a terzi e ad avvertirci non appena

More information about the samba mailing list