[Samba] samba 4 classicupgrade w7 clients errors
flipy.bcn at gmail.com
Tue Apr 30 03:17:08 MDT 2013
We faced the following error while testing a Kerberos login on a linux
machine joined in the domain by likewise-open:
root at test:/etc# kinit test
Password for test at MYDOMAIN.LOCAL <miquel at SCYTL_INT.LOCAL>:
Warning: Your password will expire in less than one hour on Thu Jan 1
What do actually mean:
Minimum password age (days): 0
Maximum password age (days): 0
I've dumped all users from the builtin LDAP in Samba v4, and none of them
had any reference to the password expiration date - they did have a value
for the last time they changed the password though.
It seems that it is really important to set a password expiration date
after a classic upgrade, isn't it?
On Tue, Apr 30, 2013 at 10:00 AM, Andreas Calvo <flipy.bcn at gmail.com> wrote:
> These are the current settings for the password expiration policy in the
> Password complexity: on
> Store plaintext passwords: off
> Password history length: 0
> Minimum password length: 8
> Minimum password age (days): 0
> Maximum password age (days): 0
> Is it necessary to set a value?
> A lot of users are seeing the pop-up "windows needs your credentials. Log
> off and on again".
> On Mon, Apr 29, 2013 at 3:11 AM, Andrew Bartlett <abartlet at samba.org>wrote:
>> On Sun, 2013-04-28 at 14:31 +0200, Andreas Calvo wrote:
>> > I've changed some of my test users passwords, just to renew the password
>> > expiration date.
>> > I may check if they are still expired or if I have to set a new
>> > policy.
>> > Is it set as a GPO or using the samba-tools?
>> Password expiry for the domain is applied using samba-tool:
>> samba-tool domain passwordsettings
>> As Samba can't read GPO files (but can serve them to clients), we don't
>> follow anything from the GPO. The only exception is that if a windows
>> DC shares the domain, and it has the GPO files, it will 'fix' the
>> directory to match the GPO.
>> Andrew Bartlett
>> Andrew Bartlett
>> Authentication Developer, Samba Team http://samba.org
> Andreas Calvo
More information about the samba