[Samba] help - user password expiration in loop

Christ Schlacta lists at aarcane.org
Thu Jun 16 07:52:08 MDT 2011


Use pdbedit or your web-based LDAP manager to update the account flags
to [UX]. Document the previous value before changing the flags. Use
smbldap-tools to update the expire time. If none of this fixes it, post
an LDIF of an affected user account, as well as all the info from
smbldap-tools about said user.

On 6/16/2011 06:39, Fabio Pardi wrote:
> Hi everybody,
>
> I think I need a Samba guru to solve this issue, because googling for
> months did not help and the problem is becoming pressing.
> I'm facing an annoying problem with Samba. In detail, there is something
> wrong with the password handling. It happens from Windows, Mac or Linux
> clients.
> Randomly (probably after $num days), the system asks the user to
> change the password. After the user has done it, the system keeps asking
> the same, in a sort of loop.
> The only option to change it is to manually go on the console and issue
> the command "smbldap-passwd username".
>
> My system:
>
> ubuntu lucid 32 bit
>
> smb.conf
>
> ----cut---
> [global]
>          idmap uid = 1000-15000
>          idmap gid = 1000-15000
>
>
>          workgroup = PORTAVITA
>
>          netbios name = PSAMBA
>
>          domain logons = Yes
>          domain master = Yes
>          wins support = true
>          obey pam restrictions = Yes
>          dns proxy = No
>
>          log level = 2
>          os level = 35
>          log file = /var/log/samba/log.%m
>          max log size = 1000
>          syslog = 0
>          panic action = /usr/share/samba/panic-action %d
>          pam password change = Yes
>          # Allows users on WinXP PCs to change their password when they press Ctrl-Alt-Del
>          unix password sync = no
>          ldap passwd sync = yes
>
>          passdb backend = ldapsam:ldap://localhost
>
>          ldap suffix = dc=pdc
>
>          ldap admin dn = cn=admin,dc=pdc
>
>          ldap machine suffix = ou=Computers
>          ldap user suffix = ou=Users
>          ldap group suffix = ou=Groups
>          ldap idmap suffix = ou=Idmap
>
>          ldap ssl = no
>
>          add user script = /usr/sbin/smbldap-useradd -m '%u'
>          delete user script = /usr/sbin/smbldap-userdel %u
>
>
> #those scripts are modified so we can create groups also on the system
>          add group script = /usr/sbin/addgroupldap-system '%g'
>          delete group script = /usr/sbin/delgroupldap-system '%g'
>          add user to group script = /usr/sbin/add-user-to-group-ldap-system '%u' '%g'
>          delete user from group script = /usr/sbin/del-user-to-group-ldap-system -x '%u' '%g'
>
>
>
>          set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
>          add machine script = /usr/sbin/smbldap-useradd -w '%u'
>          logon drive =
>          logon home =
>          logon path =
>          logon script = users/login.bat
>          server signing = auto
>          server schannel = Auto
>          nt acl support = yes
> [homes]
>          comment = Home Directories
>          valid users = %S
>          read only = No
>          browseable = No
>
> [netlogon]
>          comment = Network Logon Service
>          path = /var/lib/samba/netlogon
>          admin users = root
>          guest ok = Yes
>          browseable = No
>          logon script = login.bat
>
> [Software]
>          comment = Software Folder
>          path = /share/software
>          create mask = 0777
>          directory mask = 0777
>          read only = no
>          writable = yes
>          browsable = yes
>          invalid users =guest123
>
> [progr]
>          comment = Prog Folder
>          path = /share/prog
>          create mask = 0777
>          directory mask = 0777
>          read only = no
>          writable = yes
>          browsable = yes
>          invalid users =guest123
>
> ----cut----
>
> samba version from package is 3.4.7
> ldapadd -V
> ldapadd: @(#) $OpenLDAP: ldapmodify 2.4.21 (Aug 10 2010 17:07:36) $
> 	buildd at rothera:/build/buildd/openldap-2.4.21/debian/build/clients/tools
> 	(LDAP library: OpenLDAP 20421)
> SASL/DIGEST-MD5 authentication started
>
>
>
> Any help or suggestion is strongly appreciated.
>
> Regards,
>
> Fabio
>
>
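
Added example (not part of either message, and not Samba or smbldap-tools code): a small Python check for reading the LDIF the reply asks for, reporting the stored account flags and password timestamps. It assumes the standard sambaSamAccount and shadowAccount attribute names; the sample entry, the `jdoe` user and the `now` timestamp are constructed, and how Samba weighs the stored values depends on its version and account policy.

```python
# Added example: attribute names follow the sambaSamAccount and shadowAccount
# LDAP schemas; the entry below is constructed, not taken from the thread.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=Users,dc=pdc
objectClass: sambaSamAccount
objectClass: shadowAccount
sambaAcctFlags: [U          ]
sambaPwdLastSet: 1300000000
sambaPwdMustChange: 1303888000
shadowLastChange: 15040
shadowMax: 45
"""

# Subset of the account-flag letters documented for pdbedit.
FLAG_NAMES = {"U": "user account", "X": "password does not expire",
              "D": "disabled", "N": "no password required"}

def parse_entry(ldif):
    """Parse one LDIF entry into {attr: [values]}; base64 values stay encoded."""
    entry, last = {}, None
    for line in ldif.splitlines():
        if line.startswith(" ") and last:  # folded continuation line
            entry[last][-1] += line[1:]
        elif ":" in line and not line.startswith("#"):
            last, _, value = line.partition(":")
            entry.setdefault(last, []).append(value.lstrip(":").strip())
    return entry

def password_findings(entry, now):
    """List stored values that bear on password expiry; `now` is epoch seconds."""
    first = lambda attr: entry.get(attr, [None])[0]
    flags = (first("sambaAcctFlags") or "").strip("[]").replace(" ", "")
    findings = ["flags: " + ", ".join(FLAG_NAMES.get(c, c) for c in flags)]
    if "X" not in flags:
        findings.append("X (password does not expire) is not set")
    if int(first("sambaPwdLastSet") or 0) == 0:
        findings.append("sambaPwdLastSet is 0 or missing")
    must = first("sambaPwdMustChange")
    if must is not None and int(must) <= now:
        findings.append("stored sambaPwdMustChange is in the past")
    changed, max_days = first("shadowLastChange"), first("shadowMax")  # in days
    if changed and max_days and (int(changed) + int(max_days)) * 86400 <= now:
        findings.append("shadowLastChange + shadowMax is in the past")
    return findings

if __name__ == "__main__":
    for finding in password_findings(parse_entry(SAMPLE_LDIF), now=1308182400):
        print(finding)
```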


