[Samba] samba 4 classicupgrade w7 clients errors

Andreas Calvo flipy.bcn at gmail.com
Tue Apr 30 03:17:08 MDT 2013


We faced the following error while testing a Kerberos login on a Linux
machine joined to the domain by likewise-open:
root at test:/etc# kinit test
Password for test at MYDOMAIN.LOCAL <miquel at SCYTL_INT.LOCAL>:
Warning: Your password will expire in less than one hour on Thu Jan 1
01:00:00 1970

What do these actually mean:
Minimum password age (days): 0
Maximum password age (days): 0

I've dumped all users from the builtin LDAP in Samba v4, and none of them
had any reference to the password expiration date - they did have a value
for the last time they changed the password though.

It seems that it is really important to set a password expiration date
after a classic upgrade, isn't it?



On Tue, Apr 30, 2013 at 10:00 AM, Andreas Calvo <flipy.bcn at gmail.com> wrote:

> These are the current settings for the password expiration policy in the
> domain:
> Password complexity: on
> Store plaintext passwords: off
> Password history length: 0
> Minimum password length: 8
> Minimum password age (days): 0
> Maximum password age (days): 0
>
> Is it necessary to set a value?
> A lot of users are seeing the pop-up "windows needs your credentials. Log
> off and on again".
>
>
> On Mon, Apr 29, 2013 at 3:11 AM, Andrew Bartlett <abartlet at samba.org> wrote:
>
>> On Sun, 2013-04-28 at 14:31 +0200, Andreas Calvo wrote:
>> > I've changed some of my test users passwords, just to renew the password
>> > expiration date.
>> > I may check if they are still expired or if I have to set a new
>> > expiration policy.
>> > Is it set as a GPO or using the samba-tools?
>>
>> Password expiry for the domain is applied using samba-tool:
>>
>> samba-tool domain passwordsettings
>>
>> As Samba can't read GPO files (but can serve them to clients), we don't
>> follow anything from the GPO.  The only exception is that if a windows
>> DC shares the domain, and it has the GPO files, it will 'fix' the
>> directory to match the GPO.
>>
>> Andrew Bartlett
>> --
>> Andrew Bartlett
>> http://samba.org/~abartlet/
>> Authentication Developer, Samba Team           http://samba.org
>>
>>
>>
>
>
> --
> Atentamente,
> Andreas Calvo
>



-- 
Atentamente,
Andreas Calvo

