[Samba] help - user password expiration in loop
Fabio Pardi
f.pardi at portavita.eu
Fri Jun 17 08:32:11 MDT 2011
Thanks a lot Christ,
I managed using pdbedit. In fact, many accounts were carrying only the
[U], no X (but I clearly remember I changed every user's setting with
"password never expires" from the srvtool graphical tool :s )
Now the only thing I have to do is wait....
Thanks a lot for your time, hoping this will permanently do the job.
Best Regards
Fabio
On Thu, 2011-06-16 at 06:52 -0700, Christ Schlacta wrote:
> Use pdbedit or your web-based ldap manager to update the account flags
> to [UX]. Document the previous value before changing the flags. Use
> smbldap tools to update the expire time. If none of this fixes it, post
> an ldif of an affected user account, as well as all the info from
> smbldap-tools about said user.
> On 6/16/2011 06:39, Fabio Pardi wrote:
> > Hi everybody,
> >
> > I think I need a samba guru to solve this issue, because googling for
> > months did not help and the problem is becoming pressing.
> > I'm facing an annoying problem with samba. In detail, there is something
> > wrong with the password handling. It happens from windows, mac or linux
> > clients.
> > Randomly (probably after $num days), the system asks the user to
> > change the password. After the user did it, the system keeps asking the
> > same, in a sort of loop.
> > The only option to change it is to manually go on the console and issue
> > the command "smbldap-passwd username".
> >
> > My system:
> >
> > ubuntu lucid 32 bit
> >
> > smb.conf
> >
> > ----cut---
> > [global]
> > idmap uid = 1000-15000
> > idmap gid = 1000-15000
> >
> >
> > workgroup = PORTAVITA
> >
> > netbios name = PSAMBA
> >
> > domain logons = Yes
> > domain master = Yes
> > wins support = true
> > obey pam restrictions = Yes
> > dns proxy = No
> >
> > log level = 2
> > os level = 35
> > log file = /var/log/samba/log.%m
> > max log size = 1000
> > syslog = 0
> > panic action = /usr/share/samba/panic-action %d
> > pam password change = Yes
> > # Allows users on WinXP PCs to change their password when they press Ctrl-Alt-Del
> > unix password sync = no
> > ldap passwd sync = yes
> >
> > passdb backend = ldapsam:ldap://localhost
> >
> > ldap suffix = dc=pdc
> >
> > ldap admin dn = cn=admin,dc=pdc
> >
> > ldap machine suffix = ou=Computers
> > ldap user suffix = ou=Users
> > ldap group suffix = ou=Groups
> > ldap idmap suffix = ou=Idmap
> >
> > ldap ssl = no
> >
> > add user script = /usr/sbin/smbldap-useradd -m '%u'
> > delete user script = /usr/sbin/smbldap-userdel %u
> >
> >
> > #those scripts are modified so we can create groups also on the system
> > add group script = /usr/sbin/addgroupldap-system '%g'
> > delete group script = /usr/sbin/delgroupldap-system '%g'
> > add user to group script = /usr/sbin/add-user-to-group-ldap-system '%u' '%g'
> > add user to group script = /usr/sbin/add-user-to-group-ldap-system '%u' '%g'
> > delete user from group script = /usr/sbin/del-user-to-group-ldap-system -x '%u' '%g'
> >
> >
> >
> > set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
> > add machine script = /usr/sbin/smbldap-useradd -w '%u'
> > logon drive =
> > logon home =
> > logon path =
> > logon script = users/login.bat
> > server signing = auto
> > server schannel = Auto
> > nt acl support = yes
> > [homes]
> > comment = Home Directories
> > valid users = %S
> > read only = No
> > browseable = No
> >
> > [netlogon]
> > comment = Network Logon Service
> > path = /var/lib/samba/netlogon
> > admin users = root
> > guest ok = Yes
> > browseable = No
> > logon script = login.bat
> >
> > [Software]
> > comment = Software Folder
> > path = /share/software
> > create mask = 0777
> > directory mask = 0777
> > read only = no
> > writable = yes
> > browsable = yes
> > invalid users =guest123
> >
> > [progr]
> > comment = Prog Folder
> > path = /share/prog
> > create mask = 0777
> > directory mask = 0777
> > read only = no
> > writable = yes
> > browsable = yes
> > invalid users =guest123
> >
> > ----cut----
> >
> > samba version from package is 3.4.7
> > ldapadd -V
> > ldapadd: @(#) $OpenLDAP: ldapmodify 2.4.21 (Aug 10 2010 17:07:36) $
> > buildd at rothera:/build/buildd/openldap-2.4.21/debian/build/clients/tools
> > (LDAP library: OpenLDAP 20421)
> > SASL/DIGEST-MD5 authentication started
> >
> >
> >
> > Any help or suggestion is strongly appreciated.
> >
> > Regards,
> >
> > Fabio
> >
> >
>
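
An added example, not part of the original thread: a read-only audit that parses the smbpasswd-style listing printed by `pdbedit -L -w` and reports user accounts whose flags contain U but not X, which also records the current value before any change. The sample lines, user names, uids and timestamps are constructed, and the hash fields are blanked.

```python
import re
from datetime import datetime, timezone

# Constructed sample in the smbpasswd format that `pdbedit -L -w` prints.
# Names, uids and timestamps are made up; both hash fields are blanked with X.
BLANK = "X" * 32
SAMPLE = "\n".join([
    f"alice:1001:{BLANK}:{BLANK}:[U          ]:LCT-4DF9F1A0:",
    f"bob:1002:{BLANK}:{BLANK}:[UX         ]:LCT-4DF9F1A0:",
    f"ws01$:1003:{BLANK}:{BLANK}:[W          ]:LCT-4DF9F1A0:",
    f"carol:1004:{BLANK}:{BLANK}:[DU         ]:LCT-4DE00000:",
])

# name:uid:LM hash:NT hash:[account flags]:LCT-<hex seconds since epoch>:
LINE = re.compile(
    r"^([^:]+):(\d+):[^:]*:[^:]*:\[([A-Za-z ]*)\]:LCT-([0-9A-Fa-f]{8}):")

def parse(text):
    """Return one dict per account line; lines in another format are skipped."""
    accounts = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            name, uid, flags, lct = m.groups()
            accounts.append({
                "name": name,
                "uid": int(uid),
                "flags": flags.replace(" ", ""),
                "last_change": datetime.fromtimestamp(int(lct, 16), timezone.utc),
            })
    return accounts

def users_without_x(accounts):
    """User accounts (U) whose flags lack X, i.e. the password can expire."""
    return [a for a in accounts if "U" in a["flags"] and "X" not in a["flags"]]

if __name__ == "__main__":
    for a in users_without_x(parse(SAMPLE)):
        # Record the current value before any change with pdbedit.
        print(f"{a['name']}: flags=[{a['flags']}] "
              f"last_change={a['last_change']:%Y-%m-%d}")
```

To audit a live server, feed the output of `pdbedit -L -w` to `parse()` in place of `SAMPLE`; machine accounts (W) are ignored.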