[Samba] help - user password expiration in loop

Fabio Pardi f.pardi at portavita.eu
Thu Jun 16 07:39:02 MDT 2011

Hi everybody,

I think I need a Samba guru to solve this issue, because googling for
months did not help and the problem is becoming pressing.
I'm facing an annoying problem with Samba. In detail, there is something
wrong with the password handling. It happens from Windows, Mac or Linux clients.
Randomly (probably after $num days), the system asks the user to
change the password. After the user has done so, the system keeps asking for the
same thing, in a sort of loop.
The only way to change it is to go to the console manually and issue
the command "smbldap-passwd username".

My system:

ubuntu lucid 32 bit


        # Server-wide settings as posted; the section header line is not part of
        # the paste.
        # UID/GID ranges reserved for idmap allocation.
        idmap uid = 1000-15000
        idmap gid = 1000-15000

        workgroup = PORTAVITA

        netbios name = PSAMBA

        # The server handles domain logons, is domain master browser and runs
        # a WINS server.
        domain logons = Yes
        domain master = Yes
        wins support = true
        # Apply PAM account and session management directives to users.
        obey pam restrictions = Yes
        dns proxy = No

        log level = 2
        os level = 35
        # %m expands to the client's NetBIOS name, giving one log file per
        # client; max log size is in KiB.
        log file = /var/log/samba/log.%m
        max log size = 1000
        syslog = 0
# Command run when a Samba process crashes; %d is replaced by its pid.
panic action = /usr/share/samba/panic-action %d
        # Password-change path. NOTE(review): pam password change normally
        # only matters together with unix password sync, which is off below;
        # confirm against the smb.conf man page for this version.
        pam password change = Yes
        # NOTE(review): the line after the next one is the wrapped tail of
        # that comment; as pasted it does not start with '#'.
        # Allows users on WinXP PCs to change their password when they
press Ctrl-Alt-Del
        unix password sync = no
        # On a password change made through Samba, also update the LDAP
        # password together with the NT/LM hashes and the last-set time.
        # NOTE(review): for the change-password loop described in the post,
        # compare the account's sambaPwdLastSet / sambaPwdMustChange before
        # and after a client-side change and after smbldap-passwd; the cause
        # is not established by this post.
        ldap passwd sync = yes

        # Accounts are stored in LDAP on the same host.
        passdb backend = ldapsam:ldap://localhost

        ldap suffix = dc=pdc

        # DN Samba binds with; its password is kept in secrets.tdb
        # (set with smbpasswd -w), not in this file.
        ldap admin dn = cn=admin,dc=pdc

        ldap machine suffix = ou=Computers
        ldap user suffix = ou=Users
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Idmap

        # No TLS on the LDAP connection. The backend URI above is localhost,
        # so the admin bind and password updates stay on the loopback
        # interface; pointing the backend at another host would call for
        # "ldap ssl = start tls" or an ldaps:// URI.
        ldap ssl = no

        # Account-management hooks. smbd runs these scripts as root with
        # client-supplied names substituted for %u / %g, so quoting matters:
        # %u is quoted in the add script but not in the delete script.
        add user script = /usr/sbin/smbldap-useradd -m '%u'
        delete user script = /usr/sbin/smbldap-userdel %u

# Those scripts are modified so that groups can also be created on the system.
        add group script = /usr/sbin/addgroupldap-system '%g'
        delete group script = /usr/sbin/delgroupldap-system '%g'
        # NOTE(review): the next two settings are split across lines by mail
        # wrapping ("name" on one line, "= value" on the next), "add user to
        # group script" appears a second time with only '%u', and the
        # "set primary group script" value is cut off after '%.
        add user to group script
= /usr/sbin/add-user-to-group-ldap-system '%u' '%g'
add user to group script = /usr/sbin/add-user-to-group-ldap-system '%u'
        delete user from group script
= /usr/sbin/del-user-to-group-ldap-system -x '%u' '%g'

        set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%
        add machine script = /usr/sbin/smbldap-useradd -w '%u'
        # Empty values: no logon drive, home directory or roaming-profile
        # path is handed to clients.
        logon drive =
        logon home =
        logon path =
        logon script = users/login.bat
  # "auto" means SMB signing and schannel are offered to clients but not
  # required.
  server signing = auto
        server schannel = Auto
        nt acl support = yes
        nt acl support = yes
        # Presumably the [homes] share; the section header is missing from
        # the paste.
        comment = Home Directories
        # %S is the share name, so each home share only admits the user it is
        # named after.
        valid users = %S
        read only = No
        browseable = No

        # Presumably the [netlogon] share; the section header is missing from
        # the paste.
        comment = Network Logon Service
        path = /var/lib/samba/netlogon
        # root gets superuser rights on files in this share.
        admin users = root
        # Readable without authentication, so logon scripts stored here
        # should not contain credentials. No "read only" line is shown, so
        # the default (read only) applies.
        guest ok = Yes
        browseable = No
       # NOTE(review): logon script is a server-wide parameter and is already
       # set to users/login.bat among the global settings; this second value
       # differs. Confirm which one is intended.
       logon script = login.bat

        # Writable data share; the section header is missing from the paste.
        comment = Software Folder
        path = /share/software
        # 0777 masks remove no permission bits, so files and directories
        # created through the share can be world-writable on the server's
        # filesystem.
        create mask = 0777
        directory mask = 0777
        # "read only = no" and "writable = yes" are the same setting.
        read only = no
        writable = yes
        browsable = yes
        # Only the guest123 account is denied; no "valid users" restriction
        # is shown for this share.
        invalid users =guest123

        # Writable data share; the section header is missing from the paste.
        comment = Prog Folder
        path = /share/prog
        # 0777 masks remove no permission bits, so files and directories
        # created through the share can be world-writable on the server's
        # filesystem.
        create mask = 0777
        directory mask = 0777
        # "read only = no" and "writable = yes" are the same setting.
        read only = no
        writable = yes
        browsable = yes
        # Only the guest123 account is denied; no "valid users" restriction
        # is shown for this share.
        invalid users =guest123


samba version from package is 3.4.7
ldapadd -V
ldapadd: @(#) $OpenLDAP: ldapmodify 2.4.21 (Aug 10 2010 17:07:36) $
	buildd at rothera:/build/buildd/openldap-2.4.21/debian/build/clients/tools
	(LDAP library: OpenLDAP 20421)
SASL/DIGEST-MD5 authentication started

Any help or suggestion is strongly appreciated.



