[Samba] help - user password expiration in loop

Fabio Pardi f.pardi at portavita.eu
Wed Jul 6 07:41:44 MDT 2011 

Hi Dermot,

thanks for your reply.
here below you have the output, nothing strange to my eyes, but
maybe(hopefully) you know more:

pdbedit -P "bad lockout attempt" 
smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=XXXXXXXXXXXXXXX))]
smbldap_open_connection: connection opened
account policy "bad lockout attempt" description: Lockout users after
bad logon attempts (default: 0 => off)
account policy "bad lockout attempt" value is: 0

---
pdbedit -P "maximum password age" 
smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=XXXXXXXXXXXXXXX))]
smbldap_open_connection: connection opened
account policy "maximum password age" description: Maximum password age,
in seconds (default: -1 => never expire passwords)
account policy "maximum password age" value is: 4294967295

---
 pdbedit -P "min password length" 
smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=XXXXXXXXXXXXXXX))]
smbldap_open_connection: connection opened
account policy "min password length" description: Minimal password
length (default: 5)
account policy "min password length" value is: 5

---
 pdbedit -P "lockout duration" 
smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=XXXXXXXXXXXXXXX))]
smbldap_open_connection: connection opened
account policy "lockout duration" description: Lockout duration in
minutes (default: 30, -1 => forever)
account policy "lockout duration" value is: 30

---
 pdbedit -P "password history" 
smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=XXXXXXXXXXXXXXX))]
smbldap_open_connection: connection opened
account policy "password history" description: Length of Password
History Entries (default: 0 => off)
account policy "password history" value is: 0

----
pdbedit -P "user must logon to change password" 
smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=XXXXXXXXXXXXXXX))]
smbldap_open_connection: connection opened
account policy "user must logon to change password" description: Force
Users to logon for password change (default: 0 => off, 2 => on)
account policy "user must logon to change password" value is: 0

-----
pdbedit -P "disconnect time" 
smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=XXXXXXXXXXXXXXX))]
smbldap_open_connection: connection opened
account policy "disconnect time" description: Disconnect Users outside
logon hours (default: -1 => off, 0 => on)
account policy "disconnect time" value is: 4294967295

---
pdbedit -P "bad lockout attempt" 
smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=XXXXXXXXXXXXXXX))]
smbldap_open_connection: connection opened
account policy "bad lockout attempt" description: Lockout users after
bad logon attempts (default: 0 => off)
account policy "bad lockout attempt" value is: 0
------
pdbedit -P "minimum password age" 
smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=XXXXXXXXXXXXXXX))]
smbldap_open_connection: connection opened
account policy "minimum password age" description: Minimal password age,
in seconds (default: 0 => allow immediate password change)
account policy "minimum password age" value is: 0
---
pdbedit -P "reset count minutes" 
smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=XXXXXXXXXXXXXXX))]
smbldap_open_connection: connection opened
account policy "reset count minutes" description: Reset time after
lockout in minutes (default: 30)
account policy "reset count minutes" value is: 30
---


then i tried: 

word age" value is: 4294967295
15:38 root at pdc-portavita:~# pdbedit -P "maximum password age"  -C -1
smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(XXXXXXXXXXXXXXXX))]
smbldap_open_connection: connection opened
account policy "maximum password age" description: Maximum password age,
in seconds (default: -1 => never expire passwords)
account policy "maximum password age" value was: 4294967295
account policy "maximum password age" value is now: 4294967295
(4294967295 seconds that means 131 years and some days)
------




On Mon, 2011-07-04 at 21:21 +0100, Dermot wrote:

> On 4 July 2011 16:37, Fabio Pardi <f.pardi at portavita.eu> wrote:
> 
> > nobody to help?
> 
> I just throwing out ideas here. What is the output from pdbedit -P for
> all these policies: minimum password age, reset count minutes,
> disconnect time, user must logon to change password, password history,
> lockout duration, min password length, maximum password age and bad
> lockout attempt.
> 
> Perhaps there are clues there.
> Dp.

More information about the samba mailing list