[Samba] help - user password expiration in loop

Fabio Pardi f.pardi at portavita.eu
Mon Jul 4 09:37:04 MDT 2011


Nobody to help?


On Fri, 2011-06-24 at 16:56 +0200, Fabio Pardi wrote:

> Dears,
> 
> Unfortunately it happened again.
> Now I see the user has the flags UX, but the system keeps asking for a
> password change in a loop.
> 
> details about pdbedit -L -v
> 
> ---------------
> Unix username:        myuser
> NT username:          myuser
> Account Flags:        [UX         ]
> User SID:             S-1-5-21-222803232-3192872370-2452721687-1015
> Primary Group SID:    S-1-5-21-222803232-3192872370-2452721687-513
> Full Name:            hers name
> Home Directory:       
> HomeDir Drive:        
> Logon Script:         users/login.bat
> Profile Path:         
> Domain:               mydomain
> Account desc:         Software Developer
> Workstations:         
> Munged dial:          
> Logon time:           0
> Logoff time:          never
> Kickoff time:         0
> Password last set:    Fri, 24 Jun 2011 16:48:34 CEST
> Password can change:  Fri, 24 Jun 2011 16:48:34 CEST
> Password must change: never
> Last bad password   : 0
> Bad password count  : 0
> Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> -------------------------
> 
> 
> 
> 
> On Fri, 2011-06-17 at 16:32 +0200, Fabio Pardi wrote:
> 
> > Thanks a lot Christ, 
> > 
> > I managed using pdbedit. In fact, many accounts were carrying only the
> > [U], no X (but I clearly remember I changed every user's setting with
> > "password never expires" from the srvtool graphical tool :s )
> > 
> > Now the only thing I have to do is wait....
> > 
> > Thanks a lot for your time, hoping this will permanently do the job.
> > 
> > Best Regards
> > 
> > Fabio
> > 
> > On Thu, 2011-06-16 at 06:52 -0700, Christ Schlacta wrote:
> > 
> > > Use pdbedit or your web-based LDAP manager to update the account flags 
> > > to [UX].  Document the previous value before changing the flags.  Use 
> > > smbldap tools to update the expire time.  If none of this fixes it, post 
> > > an ldif of an affected user account, as well as all the info from 
> > > smbldap-tools about said user.
> > > On 6/16/2011 06:39, Fabio Pardi wrote:
> > > > Hi everybody,
> > > >
> > > > I think I need a Samba guru to solve this issue, because googling for
> > > > months did not help and the problem is becoming pressing.
> > > > I'm facing an annoying problem with Samba. In detail, there is something
> > > > wrong with the password handling. It happens from Windows, Mac or Linux
> > > > clients.
> > > > Randomly (probably after $num days), the system asks the user to
> > > > change the password. After the user did it, the system keeps asking the
> > > > same, in a sort of loop.
> > > > The only option to change it is to manually go on the console and issue
> > > > the command "smbldap-passwd username".
> > > >
> > > > My system:
> > > >
> > > > ubuntu lucid 32 bit
> > > >
> > > > smb.conf
> > > >
> > > > ----cut---
> > > > [global]
> > > >          idmap uid = 1000-15000
> > > >          idmap gid = 1000-15000
> > > >
> > > >
> > > >          workgroup = PORTAVITA
> > > >
> > > >          netbios name = PSAMBA
> > > >
> > > >          domain logons = Yes
> > > >          domain master = Yes
> > > >          wins support = true
> > > >          obey pam restrictions = Yes
> > > >          dns proxy = No
> > > >
> > > >          log level = 2
> > > >          os level = 35
> > > >          log file = /var/log/samba/log.%m
> > > >          max log size = 1000
> > > >          syslog = 0
> > > >          panic action = /usr/share/samba/panic-action %d
> > > >          pam password change = Yes
> > > >          # Allows users on WinXP PCs to change their password when they press Ctrl-Alt-Del
> > > >          unix password sync = no
> > > >          ldap passwd sync = yes
> > > >
> > > >          passdb backend = ldapsam:ldap://localhost
> > > >
> > > >          ldap suffix = dc=pdc
> > > >
> > > >          ldap admin dn = cn=admin,dc=pdc
> > > >
> > > >          ldap machine suffix = ou=Computers
> > > >          ldap user suffix = ou=Users
> > > >          ldap group suffix = ou=Groups
> > > >          ldap idmap suffix = ou=Idmap
> > > >
> > > >          ldap ssl = no
> > > >
> > > >          add user script = /usr/sbin/smbldap-useradd -m '%u'
> > > >          delete user script = /usr/sbin/smbldap-userdel %u
> > > >
> > > >
> > > > #those scripts are modified so we can create groups also on the system
> > > >          add group script = /usr/sbin/addgroupldap-system '%g'
> > > >          delete group script = /usr/sbin/delgroupldap-system '%g'
> > > >          add user to group script = /usr/sbin/add-user-to-group-ldap-system '%u' '%g'
> > > >          delete user from group script = /usr/sbin/del-user-to-group-ldap-system -x '%u' '%g'
> > > >
> > > >          set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
> > > >          add machine script = /usr/sbin/smbldap-useradd -w '%u'
> > > >          logon drive =
> > > >          logon home =
> > > >          logon path =
> > > >          logon script = users/login.bat
> > > >          server signing = auto
> > > >          server schannel = Auto
> > > >          nt acl support = yes
> > > > [homes]
> > > >          comment = Home Directories
> > > >          valid users = %S
> > > >          read only = No
> > > >          browseable = No
> > > >
> > > > [netlogon]
> > > >          comment = Network Logon Service
> > > >          path = /var/lib/samba/netlogon
> > > >          admin users = root
> > > >          guest ok = Yes
> > > >          browseable = No
> > > >          logon script = login.bat
> > > >
> > > > [Software]
> > > >          comment = Software Folder
> > > >          path = /share/software
> > > >          create mask = 0777
> > > >          directory mask = 0777
> > > >          read only = no
> > > >          writable = yes
> > > >          browsable = yes
> > > >          invalid users =guest123
> > > >
> > > > [progr]
> > > >          comment = Prog Folder
> > > >          path = /share/prog
> > > >          create mask = 0777
> > > >          directory mask = 0777
> > > >          read only = no
> > > >          writable = yes
> > > >          browsable = yes
> > > >          invalid users =guest123
> > > >
> > > > ----cut----
> > > >
> > > > samba version from package is 3.4.7
> > > > ldapadd -V
> > > > ldapadd: @(#) $OpenLDAP: ldapmodify 2.4.21 (Aug 10 2010 17:07:36) $
> > > > 	buildd at rothera:/build/buildd/openldap-2.4.21/debian/build/clients/tools
> > > > 	(LDAP library: OpenLDAP 20421)
> > > > SASL/DIGEST-MD5 authentication started
> > > >
> > > >
> > > >
> > > > Any help or suggestion is strongly appreciated.
> > > >
> > > > Regards,
> > > >
> > > > Fabio
> > > >
> > > >
> > > 
> > 
> > 
> 
> 
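An added example, not part of the original thread: one way to carry out the "document the previous value" step is to scan `pdbedit -L -v` output for normal user accounts (flag U) that lack the X (password does not expire) flag, recording their flags and "Password must change" value. The function names and the sample records are constructed for illustration; the field labels follow the pdbedit output quoted above.

```shell
#!/bin/sh
# Added example: list user accounts whose Account Flags lack X.

# Constructed sample records in the `pdbedit -L -v` layout shown in the thread.
sample_pdbedit() {
cat <<'EOF'
---------------
Unix username:        alice
NT username:          alice
Account Flags:        [U          ]
Password last set:    Fri, 17 Jun 2011 10:00:00 CEST
Password must change: Sun, 17 Jul 2011 10:00:00 CEST
---------------
Unix username:        myuser
Account Flags:        [UX         ]
Password must change: never
---------------
Unix username:        pc01$
Account Flags:        [W          ]
Password must change: never
EOF
}

# Reads `pdbedit -L -v` text on stdin and prints one line per account that
# has U but not X:  username <TAB> flags <TAB> password-must-change
audit_flags() {
  awk '
    # Strip the "Label:" prefix and surrounding blanks; values may contain ":".
    function val(line) {
      sub(/^[^:]*:[ \t]*/, "", line); sub(/[ \t]+$/, "", line); return line
    }
    # Report the record collected so far, then reset for the next account.
    function emit() {
      if (user != "" && flags ~ /U/ && flags !~ /X/)
        printf "%s\t%s\t%s\n", user, flags, must
      user = ""; flags = ""; must = ""
    }
    /^Unix username:/        { emit(); user = val($0) }
    /^Account Flags:/        { flags = val($0); gsub(/[^A-Za-z]/, "", flags) }
    /^Password must change:/ { must = val($0) }
    END { emit() }
  '
}

# On a real server: pdbedit -L -v | audit_flags > flags-before-change.tsv
sample_pdbedit | audit_flags
```

Machine accounts (W) are skipped because they do not carry the U flag; only the constructed `alice` record is reported here.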



