[Samba] Your password expires today problem
Martin Schmidt
martin.schmidt at uni-wuerzburg.de
Mon Mar 1 04:49:28 MST 2010
Am 26.02.2010 14:51, schrieb Marcelo Terres:
> Let me understand.
>
>
>
> On Fri, Feb 26, 2010 at 6:52 AM, Martin Schmidt
> <martin.schmidt at uni-wuerzburg.de
> <mailto:martin.schmidt at uni-wuerzburg.de>> wrote:
>
> hi again,
>
> in my case it works now after setting the "maximum password age"
> to a point far in future, but not to "never".
> So this works:
> pdbedit -P "maximum password age" -C 4294967294
>
>
> This way, the message stops ?
see below.
>
> but this not:
>
> pdbedit -P "maximum password age" -C -1
>
> I have also re-disabled the users account control property
> "Password does not expire" using
> pdbedit -r -c "[]" test
>
> Unix username: test
> NT username: Account Flags: [U ]
>
> User SID: S-1-5-21-1200361472-1041780773-253280391-2648
> Primary Group SID: S-1-5-21-1200361472-1041780773-253280391-513
> Full Name: Home Directory: \\fecenter\test
> HomeDir Drive: Q:
> Logon Script: Profile Path: \\fecenter\profiles\test
> Domain: LSFE
> Account desc: Workstations: Munged dial:
> Logon time: 0
> Logoff time: never
> Kickoff time: never
> Password last set: Thu, 25 Feb 2010 10:35:29 CET
> Password can change: Thu, 25 Feb 2010 10:35:29 CET
> Password must change: Sun, 03 Apr 2146 18:03:43 CEST
>
> Last bad password : 0
> Bad password count : 0
> Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>
> I could have hit on it in a moment!
>
>
> Disabling this policy the message stop too ?
I'm not sure what stoped the message eventually. But I think the first
one, the second procedure was only to undo my changes I have done while
testing.
Regards,
Martin
>
> Regards ,
>
>
> regards,
> Martin
>
>
>
>
> Martin Schmidt schrieb:
>
> hi,
> I tried pdbedit -P "maximum password age" -C -1, but with no
> effect.
> pdbedit -r -c "[X]" test and retyping the password via
> "smbpasswd test" had also no effect, curiously "pdbedit -v
> test" gives following:
>
> Unix username: test
> NT username: Account Flags: [UX ]
> User SID:
> S-1-5-21-1200361472-1041780773-253280391-2648
> Primary Group SID: S-1-5-21-1200361472-1041780773-253280391-513
> Full Name: Home Directory: \\fecenter\test
> HomeDir Drive: Q:
> Logon Script: Profile Path:
> \\fecenter\profiles\test
> Domain: LSFE
> Account desc: Workstations: Munged dial:
> Logon time: 0
> Logoff time: never
> Kickoff time: never
> Password last set: Thu, 25 Feb 2010 09:47:06 CET
> Password can change: Thu, 25 Feb 2010 09:47:06 CET
> Password must change: never
> Last bad password : 0
> Bad password count : 0
> Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>
>
> regards,
> Martin
>
>
>
> Gaiseric Vandal schrieb:
>
> We had a few users with the same problem when we moved the
> password backend from tdb to ldap. The following
> command seem to fix it.
>
> pdbedit -P "maximum password age" -C -1
>
>
>
>
> On 02/24/2010 04:25 PM, Marcelo Terres wrote:
>
> Samba 3.0.24 doesn't have the problem, maybe because
> it doesn't support the
> policies domain account (configured with pdbedit).
>
> This feature starts in 3.0.25 and the problems with
> password expiration
> starts in the version either.
>
> Regards,
>
> Marcelo H. Terres
> mhterres at gmail.com <mailto:mhterres at gmail.com>
> ****************************************
> ICQ: 6649932
> MSN: mhterres at hotmail.com <mailto:mhterres at hotmail.com>
> Jabber: mhterres at jabber.org <mailto:mhterres at jabber.org>
> http://twitter.com/mhterres
> http://identi.ca/mhterres
> ****************************************
> http://mundoopensource.blogspot.com/
> http://www.propus.com.br
> Sent from Porto Alegre, RS, Brazil
>
> On Wed, Feb 24, 2010 at 2:38 PM, Martin Schmidt<
> martin.schmidt at uni-wuerzburg.de
> <mailto:martin.schmidt at uni-wuerzburg.de>> wrote:
>
>
> Hi,
>
> I have a very similiar problem, but the story is
> an other:
>
> I migrated from sles 10 sp2 samba 3.0.24 to ubuntu
> 9.10 server samba 3.4.3
> (pdc). The user-accounts were moved following this
> instruction:
> http://www.cyberciti.biz/faq/howto-move-migrate-user-accounts-old-to-new-server/.
>
> When some user now try to login to the domain from
> a xp-client following
> message appears at every login: "Your Windows
> password has expired and must
> be changed. You must change your password now!"
> The user can change the
> password and everything works fine. But at next
> login the same story. This
> happens only to some of the old users and to all
> users created after
> migration. Any idea what could be the reason for
> this? I already searched a
> lot but didn't find something like this.
>
> Thanks for any info.
>
> Regards,
> Martin
>
> Dipl.- Geogr. Martin Schmidt
>
> Würzburg University
> Department of Geography
> Remote Sensing Unit
> &
> German Remote Sensing Data Center (DFD) at
> German Aerospace Center (DLR) Oberpfaffenhofen
> --------------------------------------------------------
> Am Hubland
> 97074 Würzburg
> phone: +49 (931) 31-88179
> fax: +49 (931) 888-5544
> eMail: martin.schmidt at uni-wuerzburg.de
> <mailto:martin.schmidt at uni-wuerzburg.de>
>
>
>
> Here my smb.conf:
>
> [global]
> #log file = /var/log/samba.%m
> smb ports = 139 445
> #root = administrator
> #DOMAIN ADMINS = root, administrator
>
> #----Allgemeine
> Einstellungen--------------------------------------------------
> #Workgroup
> netbios name = XXX #netbios aliases = XXX
> server string = XXX
> workgroup = XXX
> guest account = XXX
>
>
>
> #-----Sicherheit--------------------------------------------------------------
>
> #Nur Subnetz FE zulassen
> hosts deny = XXX
> hosts allow = XXX
>
> #Nur die Ethernet Karte 0 und Loopback zulassen
> interfaces = eth0 lo
> bind interfaces only = yes
>
> #Unbekannt Nutzer rejecten
> #map to guest = Never
>
> #Zugriff auf benutzerdefinierte Freigaben nicht
> erlauben
> #usershare allow guests = No
>
> #Kommunikation der Clients mit Samba auf User Ebene
> #Passwort - Backend
> #passdb backend = tdbsam:/etc/samba/passdb.tdb
> passdb backend= smbpasswd security = user
> encrypt passwords = true smb passwd file =
> /etc/samba/smbpasswd
> passwd program = /usr/bin/smbpasswd %u
> unix password sync = false
> obey pam restrictions = yes
>
> #Fuer bestimmte Nutzer gibts extra smb.conf Dateien
> config file = /etc/samba/smb.conf.%U
>
>
> #---- Roaming Profiles
> -----------------------------------------------------
> #Antworten auf WIN98/95 Anfragen
> domain logons = Yes
> logon path = \\%L\profiles\%U
> logon drive = Q:
> #logon script = logon.cmd
>
> #---- Browsing und Domain Master (PDC)
> -------------------------------------
> #wins support = Yes
> #wins server = XXX
> #wins proxy = yes
> #PDC im Subnetz
> domain master = Yes
> local master = Yes
> preferred master = Yes
> os level = 65
> #client-side caching policy
> #csc policy = disable
>
>
> #----Benutzerverwaltung-----------------------------------------------------
>
> #Hinzufuegen einer Maschine ueber die Methode
> Benutzername/Passwort
> #add machine script = /usr/sbin/useradd -c
> Machine -d /var/lib/nobody -s
> /bin/false %m$
>
>
> #---Drucker----------------------------------------------------------------
>
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
>
>
> #----Tuning-----------------------------------------------------------------
>
> socket options = TCP_NODELAY IPTOS_LOWDELAY
> #Zeit zur Unterbrechung der Verbindung
> Server-Client bei Verlust des
> Clients
> deadtime = 10
> #getwd cache = yes
> #kernel oplocks = no
> ldap suffix =
> log level = 1
> #Sonstiger Mist
> #include = /etc/samba/dhcp.conf
> dos charset = CP850
> display charset = ISO8859-1
> unix charset = ISO8859-1
> #oplock break wait time = 20
> #oplocks = no
> #kernel oplocks = no
>
> #---- Zeit-Server
> ----------------------------------------------------------
> time server = true
>
> ###################################
> # Anmeldung Freigaben #############
> ###################################
>
> [homes]
> comment = Home Directories
> valid users = %S, %D%w%S
> browseable = No
> read only = No
> inherit acls = Yes
> create mask = 0664
> directory mask = 0775
>
> [profiles]
> comment = Network Profiles Service
> path = /home/samba/windowsprofiles
> hide files = /desktop.ini/
> read only = No
> browseable = No
> guest ok = Yes
> writable = Yes
> printable = No
> store dos attributes = Yes
> create mask = 0700
> directory mask = 0700
>
> [netlogon]
> comment = Network Logon Service2
> path = /home/samba/netlogon/%g
> guest ok = Yes
> browseable = No
> read only = No
> writable = Yes
>
>
> ###################################
> # Freigaben #######################
> ###################################
> ...
>
>
>
>
> Marcelo Terres schrieb:
>
> Hi.
>
> I enabled policies with pdbedit. Password must
> be changed every 90 days
> and
> must contain at least 8 characters. I enabled
> password history too.
>
> After that (I tried it in samba 3.4.3 and
> 3.0.25 with same behaviour)
> every
> time a user try to log in the domain using
> Windows receives a "Your
> password
> expires today. Do you want to change it now ?"
> message box. If the
> password
> is changed, the message appear again next time
> the user try to login. If
> the
> user answers no the same thing happens in the
> next login.
>
> I tested it with a lot of users and changed
> the passwords several times
> and
> the problem continues.
>
> Anybody have some idea about this problem ?
>
> Thanks in advance.
>
> Regards,
>
> Marcelo H. Terres
> mhterres at gmail.com <mailto:mhterres at gmail.com>
> ****************************************
> ICQ: 6649932
> MSN: mhterres at hotmail.com
> <mailto:mhterres at hotmail.com>
> Jabber: mhterres at jabber.org
> <mailto:mhterres at jabber.org>
> http://twitter.com/mhterres
> http://identi.ca/mhterres
> ****************************************
> http://mundoopensource.blogspot.com/
> http://www.propus.com.br
> Sent from Porto Alegre, RS, Brazil
>
>
>
> --
> To unsubscribe from this list go to the following
> URL and read the
> instructions:
> https://lists.samba.org/mailman/options/samba
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
>
>
>
> Marcelo H. Terres
> mhterres at gmail.com <mailto:mhterres at gmail.com>
> ****************************************
> ICQ: 6649932
> MSN: mhterres at hotmail.com <mailto:mhterres at hotmail.com>
> Jabber: mhterres at jabber.org <mailto:mhterres at jabber.org>
> http://twitter.com/mhterres
> http://identi.ca/mhterres
> ****************************************
> http://mundoopensource.blogspot.com/
> http://www.propus.com.br
>
More information about the samba
mailing list