[Samba] Changing password on unix client joined to AD

k.maksimov k.maksimov at butb.by
Tue Jul 27 07:38:42 MDT 2010

Lorenzo Milesi wrote:
> Hi.
> I've set up a Samba PDC on Debian, working fine with XP Clients. 
> I'm now trying to have a linux client join the domain. I managed to do that, but I cannot handle password expiration. When the domain pass is expired, in GDM I see a message "Your password is expired" but the user can log in anyway. 
> I used the following guide to configure my Linux client, which is an Ubuntu 10.04:
> https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto
> Configured PAM using pam-auth-update.
> common-auth is:
> auth    [success=2 default=ignore]      pam_unix.so nullok_secure
> auth    [success=1 default=ignore]      pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login use_first_pass
> common-password
> password        [success=2 default=ignore]      pam_unix.so obscure sha512
> password        [success=1 default=ignore]      pam_winbind.so use_authtok use_first_pass
> nsswitch.conf
> passwd: files winbind
> group: files winbind
> shadow: files winbind
> hosts:          files dns
> What should I change?
> thanks
GDM not support this feature: 

if you want, you can hack gdm)

More information about the samba mailing list