Use pdbedit or your web-based LDAP manager to update the account flags to [UX]. Document the previous value before changing the flags. Use smbldap tools to update the expire time. If none of this fixes it, post an LDIF of an affected user account, as well as all the info from smbldap-tools about said user.
On 6/16/2011 06:39, Fabio Pardi wrote:
Hi everybody,

I think I need a Samba guru to solve this issue, because googling for
months did not help and the problem is becoming pressing.
I'm facing an annoying problem with Samba. In detail, there is something
wrong with the password handling. It happens from Windows, Mac or Linux.
Randomly (probably after $num days), the system asks the user to
change the password. After the user has done it, the system keeps asking the
same, in a sort of loop.
The only option to change it is to manually go on the console and issue
the command "smbldap-passwd username".

My system:

ubuntu lucid 32 bit


         idmap uid = 1000-15000
         idmap gid = 1000-15000

         workgroup = PORTAVITA

         netbios name = PSAMBA

         domain logons = Yes
         domain master = Yes
         wins support = true
         obey pam restrictions = Yes
         dns proxy = No

         log level = 2
         os level = 35
         log file = /var/log/samba/log.%m
         max log size = 1000
         syslog = 0
         panic action = /usr/share/samba/panic-action %d
         pam password change = Yes
         # Allows users on WinXP PCs to change their password when they press Ctrl-Alt-Del
         unix password sync = no
         ldap passwd sync = yes

         passdb backend = ldapsam:ldap://localhost

         ldap suffix = dc=pdc

         ldap admin dn = cn=admin,dc=pdc

         ldap machine suffix = ou=Computers
         ldap user suffix = ou=Users
         ldap group suffix = ou=Groups
         ldap idmap suffix = ou=Idmap

         ldap ssl = no

         add user script = /usr/sbin/smbldap-useradd -m '%u'
         delete user script = /usr/sbin/smbldap-userdel %u

#those scripts are modified so we can create groups also on the system
         add group script = /usr/sbin/addgroupldap-system '%g'
         delete group script = /usr/sbin/delgroupldap-system '%g'
         add user to group script = /usr/sbin/add-user-to-group-ldap-system '%u' '%g'
         add user to group script = /usr/sbin/add-user-to-group-ldap-system '%u'
         delete user from group script = /usr/sbin/del-user-to-group-ldap-system -x '%u' '%g'

         set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%
         add machine script = /usr/sbin/smbldap-useradd -w '%u'
         logon drive =
         logon home =
         logon path =
         logon script = users/login.bat
         server signing = auto
         server schannel = Auto
         nt acl support = yes
         comment = Home Directories
         valid users = %S
         read only = No
         browseable = No

         comment = Network Logon Service
         path = /var/lib/samba/netlogon
         admin users = root
         guest ok = Yes
         browseable = No
         logon script = login.bat

         comment = Software Folder
         path = /share/software
         create mask = 0777
         directory mask = 0777
         read only = no
         writable = yes
         browsable = yes
         invalid users =guest123

         comment = Prog Folder
         path = /share/prog
         create mask = 0777
         directory mask = 0777
         read only = no
         writable = yes
         browsable = yes
         invalid users =guest123


samba version from package is 3.4.7
ldapadd -V
ldapadd: @(#) $OpenLDAP: ldapmodify 2.4.21 (Aug 10 2010 17:07:36) $
        (LDAP library: OpenLDAP 20421)
SASL/DIGEST-MD5 authentication started

Any help or suggestion is strongly appreciated.
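
The reply at the top asks for the previous flag value to be recorded and for an LDIF of an affected account. The following is an added example, not part of the thread, that reads such an LDIF and reports the expiry-related attributes. The sample entry is constructed, and the code assumes the standard sambaSamAccount and shadowAccount attribute names with plain single-valued fields (no base64).

```python
import re

# Constructed sample entry (not from the thread); values are illustrative only.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=Users,dc=pdc
uid: jdoe
sambaAcctFlags: [U          ]
sambaPwdLastSet: 1300000000
sambaPwdMustChange: 1303888000
shadowLastChange: 15046
shadowMax: 45
"""

def parse_entry(ldif):
    """Return {attribute: value} for one LDIF entry with single-valued fields."""
    entry = {}
    for line in ldif.splitlines():
        if line.startswith("#") or ":" not in line:
            continue  # skip comments and blank/continuation-free noise
        key, _, value = line.partition(":")
        entry[key.strip()] = value.strip()
    return entry

def expiry_report(entry, now):
    """Summarise the expiry-related fields of an account at Unix time `now`."""
    # sambaAcctFlags is a bracketed, space-padded string such as "[UX         ]"
    flags = re.sub(r"[\[\]\s]", "", entry.get("sambaAcctFlags", ""))
    report = {"flags": flags, "no_expiry_flag": "X" in flags}
    must = entry.get("sambaPwdMustChange")  # seconds since the epoch
    report["samba_must_change_passed"] = must is not None and int(must) <= now
    last, max_age = entry.get("shadowLastChange"), entry.get("shadowMax")
    if last is not None and max_age is not None:
        # shadow fields count days since 1970-01-01, not seconds
        report["shadow_expired"] = int(last) + int(max_age) <= now // 86400
    else:
        report["shadow_expired"] = False
    return report

if __name__ == "__main__":
    import time
    for field, value in expiry_report(parse_entry(SAMPLE_LDIF), int(time.time())).items():
        print(f"{field}: {value}")
```

Saving the report before and after the flag change gives the documented previous value the reply asks for.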


