Hello, i got this Problem with Samba 3.4.6 and 3.5.1 and yes i know there is already a bug report.
Your workaround doesn't work for me. Is there another solution? This don't work: pdbedit -P "maximum password age" -C 4294967294 I'am using LDAP. We have Upgraded from 3.2.14. The LDAP Schema Files don't have changed, or? Kind Regards Richi -------- Original-Nachricht -------- > Datum: Mon, 01 Mar 2010 12:49:28 +0100 > Von: Martin Schmidt <martin.schm...@uni-wuerzburg.de> > An: Marcelo Terres <mhter...@gmail.com> > CC: samba@lists.samba.org > Betreff: Re: [Samba] Your password expires today problem > Am 26.02.2010 14:51, schrieb Marcelo Terres: > > Let me understand. > > > > > > > > On Fri, Feb 26, 2010 at 6:52 AM, Martin Schmidt > > <martin.schm...@uni-wuerzburg.de > > <mailto:martin.schm...@uni-wuerzburg.de>> wrote: > > > > hi again, > > > > in my case it works now after setting the "maximum password age" > > to a point far in future, but not to "never". > > So this works: > > pdbedit -P "maximum password age" -C 4294967294 > > > > > > This way, the message stops ? > see below. > > > > but this not: > > > > pdbedit -P "maximum password age" -C -1 > > > > I have also re-disabled the users account control property > > "Password does not expire" using > > pdbedit -r -c "[]" test > > > > Unix username: test > > NT username: Account Flags: [U ] > > > > User SID: S-1-5-21-1200361472-1041780773-253280391-2648 > > Primary Group SID: S-1-5-21-1200361472-1041780773-253280391-513 > > Full Name: Home Directory: \\fecenter\test > > HomeDir Drive: Q: > > Logon Script: Profile Path: \\fecenter\profiles\test > > Domain: LSFE > > Account desc: Workstations: Munged dial: > > Logon time: 0 > > Logoff time: never > > Kickoff time: never > > Password last set: Thu, 25 Feb 2010 10:35:29 CET > > Password can change: Thu, 25 Feb 2010 10:35:29 CET > > Password must change: Sun, 03 Apr 2146 18:03:43 CEST > > > > Last bad password : 0 > > Bad password count : 0 > > Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF > > > > I could have hit on it in a moment! > > > > > > Disabling this policy the message stop too ? > I'm not sure what stoped the message eventually. But I think the first > one, the second procedure was only to undo my changes I have done while > testing. > > Regards, > Martin > > > > > Regards , > > > > > > regards, > > Martin > > > > > > > > > > Martin Schmidt schrieb: > > > > hi, > > I tried pdbedit -P "maximum password age" -C -1, but with no > > effect. > > pdbedit -r -c "[X]" test and retyping the password via > > "smbpasswd test" had also no effect, curiously "pdbedit -v > > test" gives following: > > > > Unix username: test > > NT username: Account Flags: [UX ] > > User SID: > > S-1-5-21-1200361472-1041780773-253280391-2648 > > Primary Group SID: > S-1-5-21-1200361472-1041780773-253280391-513 > > Full Name: Home Directory: \\fecenter\test > > HomeDir Drive: Q: > > Logon Script: Profile Path: > > \\fecenter\profiles\test > > Domain: LSFE > > Account desc: Workstations: Munged dial: > > Logon time: 0 > > Logoff time: never > > Kickoff time: never > > Password last set: Thu, 25 Feb 2010 09:47:06 CET > > Password can change: Thu, 25 Feb 2010 09:47:06 CET > > Password must change: never > > Last bad password : 0 > > Bad password count : 0 > > Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF > > > > > > regards, > > Martin > > > > > > > > Gaiseric Vandal schrieb: > > > > We had a few users with the same problem when we moved the > > password backend from tdb to ldap. The following > > command seem to fix it. > > > > pdbedit -P "maximum password age" -C -1 > > > > > > > > > > On 02/24/2010 04:25 PM, Marcelo Terres wrote: > > > > Samba 3.0.24 doesn't have the problem, maybe because > > it doesn't support the > > policies domain account (configured with pdbedit). > > > > This feature starts in 3.0.25 and the problems with > > password expiration > > starts in the version either. > > > > Regards, > > > > Marcelo H. Terres > > mhter...@gmail.com <mailto:mhter...@gmail.com> > > **************************************** > > ICQ: 6649932 > > MSN: mhter...@hotmail.com <mailto:mhter...@hotmail.com> > > Jabber: mhter...@jabber.org <mailto:mhter...@jabber.org> > > http://twitter.com/mhterres > > http://identi.ca/mhterres > > **************************************** > > http://mundoopensource.blogspot.com/ > > http://www.propus.com.br > > Sent from Porto Alegre, RS, Brazil > > > > On Wed, Feb 24, 2010 at 2:38 PM, Martin Schmidt< > > martin.schm...@uni-wuerzburg.de > > <mailto:martin.schm...@uni-wuerzburg.de>> wrote: > > > > > > Hi, > > > > I have a very similiar problem, but the story is > > an other: > > > > I migrated from sles 10 sp2 samba 3.0.24 to ubuntu > > 9.10 server samba 3.4.3 > > (pdc). The user-accounts were moved following this > > instruction: > > > http://www.cyberciti.biz/faq/howto-move-migrate-user-accounts-old-to-new-server/. > > > > When some user now try to login to the domain from > > a xp-client following > > message appears at every login: "Your Windows > > password has expired and must > > be changed. You must change your password now!" > > The user can change the > > password and everything works fine. But at next > > login the same story. This > > happens only to some of the old users and to all > > users created after > > migration. Any idea what could be the reason for > > this? I already searched a > > lot but didn't find something like this. > > > > Thanks for any info. > > > > Regards, > > Martin > > > > Dipl.- Geogr. Martin Schmidt > > > > Würzburg University > > Department of Geography > > Remote Sensing Unit > > & > > German Remote Sensing Data Center (DFD) at > > German Aerospace Center (DLR) Oberpfaffenhofen > > > -------------------------------------------------------- > > Am Hubland > > 97074 Würzburg > > phone: +49 (931) 31-88179 > > fax: +49 (931) 888-5544 > > eMail: martin.schm...@uni-wuerzburg.de > > <mailto:martin.schm...@uni-wuerzburg.de> > > > > > > > > Here my smb.conf: > > > > [global] > > #log file = /var/log/samba.%m > > smb ports = 139 445 > > #root = administrator > > #DOMAIN ADMINS = root, administrator > > > > #----Allgemeine > > > Einstellungen-------------------------------------------------- > > #Workgroup > > netbios name = XXX #netbios aliases = XXX > > server string = XXX > > workgroup = XXX > > guest account = XXX > > > > > > > > > #-----Sicherheit-------------------------------------------------------------- > > > > #Nur Subnetz FE zulassen > > hosts deny = XXX > > hosts allow = XXX > > > > #Nur die Ethernet Karte 0 und Loopback zulassen > > interfaces = eth0 lo > > bind interfaces only = yes > > > > #Unbekannt Nutzer rejecten > > #map to guest = Never > > > > #Zugriff auf benutzerdefinierte Freigaben nicht > > erlauben > > #usershare allow guests = No > > > > #Kommunikation der Clients mit Samba auf User > Ebene > > #Passwort - Backend > > #passdb backend = tdbsam:/etc/samba/passdb.tdb > > passdb backend= smbpasswd security = user > > encrypt passwords = true smb passwd file = > > /etc/samba/smbpasswd > > passwd program = /usr/bin/smbpasswd %u > > unix password sync = false > > obey pam restrictions = yes > > > > #Fuer bestimmte Nutzer gibts extra smb.conf > Dateien > > config file = /etc/samba/smb.conf.%U > > > > > > #---- Roaming Profiles > > > ----------------------------------------------------- > > #Antworten auf WIN98/95 Anfragen > > domain logons = Yes > > logon path = \\%L\profiles\%U > > logon drive = Q: > > #logon script = logon.cmd > > > > #---- Browsing und Domain Master (PDC) > > ------------------------------------- > > #wins support = Yes > > #wins server = XXX > > #wins proxy = yes > > #PDC im Subnetz > > domain master = Yes > > local master = Yes > > preferred master = Yes > > os level = 65 > > #client-side caching policy > > #csc policy = disable > > > > > > > #----Benutzerverwaltung----------------------------------------------------- > > > > #Hinzufuegen einer Maschine ueber die Methode > > Benutzername/Passwort > > #add machine script = /usr/sbin/useradd -c > > Machine -d /var/lib/nobody -s > > /bin/false %m$ > > > > > > > #---Drucker---------------------------------------------------------------- > > > > load printers = no > > printing = bsd > > printcap name = /dev/null > > disable spoolss = yes > > > > > > > #----Tuning----------------------------------------------------------------- > > > > socket options = TCP_NODELAY IPTOS_LOWDELAY > > #Zeit zur Unterbrechung der Verbindung > > Server-Client bei Verlust des > > Clients > > deadtime = 10 > > #getwd cache = yes > > #kernel oplocks = no > > ldap suffix = > > log level = 1 > > #Sonstiger Mist > > #include = /etc/samba/dhcp.conf > > dos charset = CP850 > > display charset = ISO8859-1 > > unix charset = ISO8859-1 > > #oplock break wait time = 20 > > #oplocks = no > > #kernel oplocks = no > > > > #---- Zeit-Server > > > ---------------------------------------------------------- > > time server = true > > > > ################################### > > # Anmeldung Freigaben ############# > > ################################### > > > > [homes] > > comment = Home Directories > > valid users = %S, %D%w%S > > browseable = No > > read only = No > > inherit acls = Yes > > create mask = 0664 > > directory mask = 0775 > > > > [profiles] > > comment = Network Profiles Service > > path = /home/samba/windowsprofiles > > hide files = /desktop.ini/ > > read only = No > > browseable = No > > guest ok = Yes > > writable = Yes > > printable = No > > store dos attributes = Yes > > create mask = 0700 > > directory mask = 0700 > > > > [netlogon] > > comment = Network Logon Service2 > > path = /home/samba/netlogon/%g > > guest ok = Yes > > browseable = No > > read only = No > > writable = Yes > > > > > > ################################### > > # Freigaben ####################### > > ################################### > > ... > > > > > > > > > > Marcelo Terres schrieb: > > > > Hi. > > > > I enabled policies with pdbedit. Password must > > be changed every 90 days > > and > > must contain at least 8 characters. I enabled > > password history too. > > > > After that (I tried it in samba 3.4.3 and > > 3.0.25 with same behaviour) > > every > > time a user try to log in the domain using > > Windows receives a "Your > > password > > expires today. Do you want to change it now ?" > > message box. If the > > password > > is changed, the message appear again next time > > the user try to login. If > > the > > user answers no the same thing happens in the > > next login. > > > > I tested it with a lot of users and changed > > the passwords several times > > and > > the problem continues. > > > > Anybody have some idea about this problem ? > > > > Thanks in advance. > > > > Regards, > > > > Marcelo H. Terres > > mhter...@gmail.com <mailto:mhter...@gmail.com> > > **************************************** > > ICQ: 6649932 > > MSN: mhter...@hotmail.com > > <mailto:mhter...@hotmail.com> > > Jabber: mhter...@jabber.org > > <mailto:mhter...@jabber.org> > > http://twitter.com/mhterres > > http://identi.ca/mhterres > > **************************************** > > http://mundoopensource.blogspot.com/ > > http://www.propus.com.br > > Sent from Porto Alegre, RS, Brazil > > > > > > > > -- > > To unsubscribe from this list go to the following > > URL and read the > > instructions: > > https://lists.samba.org/mailman/options/samba > > > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > > > > > > > > > > Marcelo H. Terres > > mhter...@gmail.com <mailto:mhter...@gmail.com> > > **************************************** > > ICQ: 6649932 > > MSN: mhter...@hotmail.com <mailto:mhter...@hotmail.com> > > Jabber: mhter...@jabber.org <mailto:mhter...@jabber.org> > > http://twitter.com/mhterres > > http://identi.ca/mhterres > > **************************************** > > http://mundoopensource.blogspot.com/ > > http://www.propus.com.br > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba -- Sicherer, schneller und einfacher. Die aktuellen Internet-Browser - jetzt kostenlos herunterladen! http://portal.gmx.net/de/go/chbrowser -- Sicherer, schneller und einfacher. Die aktuellen Internet-Browser - jetzt kostenlos herunterladen! http://portal.gmx.net/de/go/chbrowser -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba