[Samba] Password Expiration setting and manually adjusting the date

Philippe LeCavalier support at plecavalier.com
Thu Jun 9 21:24:59 UTC 2022 

Just bringing this back to the surface.
On Wed, Jun 8, 2022 at 3:10 PM Philippe LeCavalier <support at plecavalier.com>
wrote:

> On Wed, Jun 8, 2022 at 4:36 AM L. van Belle via samba <
> samba at lists.samba.org> wrote:
>
>> I suggest, increase the debug level, see that happening when users change
>> a
>> password.
>> And tell us which samba version and OS your using, add the content of
>> smb.conf
>>
>> That's pretty important.
>
> I was asking if it is expected behaviour. I suppose I could interpret you
> asking for this information as confirmation that it is not expected...
>
>>
>>
>> This one might help out.
>> sudo samba-tool domain passwordsettings
>>
>  plecavalier# samba-tool domain passwordsettings show
> Password information for domain 'DC=intranet,DC=domain,DC=ca'
> Password complexity: on
> Store plaintext passwords: off
> Password history length: 24
> Minimum password length: 6
> Minimum password age (days): 0
> Maximum password age (days): 0
> Account lockout duration (mins): 30
> Account lockout threshold (attempts): 0
> Reset account lockout after (mins): 15
>
> plecavalier# uname -ar
> Linux piwc11 5.10.0-13-amd64 #1 SMP Debian 5.10.106-1 (2022-03-17) x86_64
> GNU/Linux
>
> plecavalier# dpkg -l | grep samba
> ii  python3-samba                  2:4.13.13+dfsg-1~deb11u3       amd64
>      Python 3 bindings for Samba
> ii  samba                          2:4.13.13+dfsg-1~deb11u3       amd64
>      SMB/CIFS file, print, and login server for Unix
> ii  samba-common                   2:4.13.13+dfsg-1~deb11u3       all
>      common files used by both the Samba server and client
> ii  samba-common-bin               2:4.13.13+dfsg-1~deb11u3       amd64
>      Samba common files used by both the server and the client
> ii  samba-dsdb-modules:amd64       2:4.13.13+dfsg-1~deb11u3       amd64
>      Samba Directory Services Database
> ii  samba-libs:amd64               2:4.13.13+dfsg-1~deb11u3       amd64
>      Samba core libraries
> ii  samba-vfs-modules:amd64        2:4.13.13+dfsg-1~deb11u3       amd64
>      Samba Virtual FileSystem plugins
> plecavalier# dpkg -l | grep winbind
> ii  libnss-winbind:amd64           2:4.13.13+dfsg-1~deb11u3       amd64
>      Samba nameservice integration plugins
> ii  libpam-winbind:amd64           2:4.13.13+dfsg-1~deb11u3       amd64
>      Windows domain authentication integration plugin
> ii  libwbclient0:amd64             2:4.13.13+dfsg-1~deb11u3       amd64
>      Samba winbind client library
> ii  winbind                        2:4.13.13+dfsg-1~deb11u3       amd64
>      service to resolve user and group information from Windows NT servers
>
> plecavalier# cat /etc/samba/smb.conf
> # Global parameters
> [global]
> workgroup = INTRANET
> realm = INTRANET.DOMAIN.CA
> netbios name = DC11
> server role = active directory domain controller
> dns forwarder = 8.8.8.8
> idmap_ldb:use rfc2307 = yes
> bind interfaces only = yes
>
> [netlogon]
> path = /var/lib/samba/sysvol/intranet.domain.ca/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> [profiles]
> path = /data/profiles
> read only = no
>
>>
>> Greetz,
>>
>> Louis
>>
>>
>> > -----Oorspronkelijk bericht-----
>> > Van: samba <samba-bounces at lists.samba.org> Namens Philippe LeCavalier
>> > via samba
>> > Verzonden: woensdag 8 juni 2022 03:05
>> > Aan: samba <samba at lists.samba.org>
>> > Onderwerp: Re: [Samba] Password Expiration setting and manually
>> adjusting
>> > the date
>> >
>> > On Tue, Jun 7, 2022 at 10:21 AM Philippe LeCavalier
>> > <support at plecavalier.com>
>> > wrote:
>> >
>> > > Hi,
>> > > Does anyone have experience with having a password expiration (say 60
>> > > days) and manually adjusting a user's expiration date?
>> > >
>> > > I've got several domains all of which have a 90 day expiration in
>> ad-dc.
>> > > Frequently, users forget to change it and get locked out. I find that
>> > > when I postpone the expiration by adjusting the date (either in RSAT
>> > > or CLI - whichever is most handy at the time) when the user changes
>> > > the password the expiration doesn't change from the one I set. So if I
>> > > give the user 3 days to change it and they change it the next day, the
>> > > user still gets locked out on the third day yet I would expect it to
>> > > not expire until the 90th day from the day it was changed.
>> > >
>> > > Is this normal behaviour and if it is, what is the expected method for
>> > > dealing with a user with an expired account? If it isn't, what do I
>> > > need to look at to rectify this?
>> > > Thanks, Phil
>> > >
>> > Anyone experienced this?
>> > --
>> > To unsubscribe from this list go to the following URL and read the
>> > instructions:  https://lists.samba.org/mailman/options/samba
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>

More information about the samba mailing list