just tested it again on fresh SuSE 10.1 and own build of samba 3.0.23a.
everything works fine except for the "password expired" message, but i can live with that for now.

thx!

Peter Trifonov wrote:
Hi Michael,


thx for your response. so what's the difference in our setups? could you please post your samba DC version, pam settings and smb.conf of the member?

09:59:23 humevo36 pam_winbind[27853]: user 'gasch' needs new password
Aug  1 09:59:27 humevo36 su: FAILED SU (to gasch) gasch on dev/pts/3

It seems to me that I have a similar problem. However, su
succeeds and just writes to the console "Your password has expired"

what about logins? can you login successfully?

Yes, all pam-based services (pop3, su, etc) permit login. Some of them (like su) inform the user that he needs to change the password.

The network has two domain controllers - Win2000 and Win2003 servers.
Samba 3.0.23a is installed on FreeBSD 6.1 box.

Please see below my smb.conf

[global]
        dos charset = CP866
        workgroup = RESEARCH
        realm = RESEARCH.DCN
        netbios name = MASTER
        server string = Public file server
        security = ADS
        password server =
        username map = /usr/local/etc/smbusers
        unix extensions = No
        wins server = 10.0.103.5
        ldap ssl = no
        idmap uid = 20000-30000
        idmap gid = 20000-30000
        template shell = /usr/local/bin/bash
        winbind separator = /
        winbind use default domain = Yes

[shared directory configuration goes below]



It seems that the "password expired" message originates from the following
piece of code in pam_winbind.c

        case 0:
                pam_get_data( pamh, PAM_WINBIND_NEW_AUTHTOK_REQD, (void **)&tmp);
                if (tmp != NULL) {
                        retval = atoi(tmp);
                        switch (retval) {
                        case PAM_AUTHTOK_EXPIRED:
                                /* fall through, since new token is required in this case */
                        case PAM_NEW_AUTHTOK_REQD:
                                _pam_log(LOG_WARNING, "pam_sm_acct_mgmt success but %s is set", PAM_WINBIND_NEW_AUTHTOK_REQD);
                                _pam_log(LOG_NOTICE, "user '%s' needs new password", username);
                                /* PAM_AUTHTOKEN_REQD does not exist, but is documented in the manpage */
                                return PAM_NEW_AUTHTOK_REQD;
                        default:
                                _pam_log(LOG_WARNING, "pam_sm_acct_mgmt success");
                                _pam_log(LOG_NOTICE, "user '%s' granted access", username);
                                return PAM_SUCCESS;
                        }
                }



With best regards,
P. Trifonov



--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT Staff)
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137
       49 (0)341 - 3550 374

Fax:   49 (0)341 - 3550 399
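
Added example, not part of the original messages and not Samba code: a small Python triage script that separates the two behaviours reported in this thread (su denied versus su allowed with an expiry warning) by correlating pam_winbind's "needs new password" notice with a following FAILED SU line. The sample log is constructed in the format quoted above; the function name and the 30-second window are assumptions.

```python
import re

# Constructed sample in the syslog format quoted in the thread (hosts and users are made up).
SAMPLE_LOG = """\
Aug  1 09:59:23 host1 pam_winbind[27853]: user 'alice' needs new password
Aug  1 09:59:27 host1 su: FAILED SU (to alice) alice on dev/pts/3
Aug  1 10:02:10 host2 pam_winbind[311]: user 'bob' needs new password
Aug  1 10:05:00 host1 pam_winbind[27901]: user 'carol' granted access
Aug  1 10:30:41 host1 su: FAILED SU (to bob) carol on dev/pts/1
"""

# time-of-day, host, program name (optional [pid]), message
LINE = re.compile(r"(\d\d):(\d\d):(\d\d) (\S+) ([\w.-]+)(?:\[\d+\])?: (.*)")
EXPIRED = re.compile(r"user '([^']+)' needs new password")
FAILED_SU = re.compile(r"FAILED SU \(to ([^)]+)\)")

def classify_expiry_events(log_text, window=30):
    """Map (host, user) -> 'denied' or 'warned' for each pam_winbind expiry notice.

    'denied': a FAILED SU to that user on the same host was logged within
    `window` seconds after the notice. 'warned': no such failure followed.
    Only the time of day is compared, so events spanning midnight are not paired.
    """
    pending = {}  # (host, user) -> seconds since midnight of the latest expiry notice
    result = {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        h, mi, s, host, prog, msg = m.groups()
        now = int(h) * 3600 + int(mi) * 60 + int(s)
        if prog == "pam_winbind" and (e := EXPIRED.search(msg)):
            key = (host, e.group(1))
            pending[key] = now
            result.setdefault(key, "warned")
        elif prog == "su" and (f := FAILED_SU.search(msg)):
            key = (host, f.group(1))
            if key in pending and 0 <= now - pending[key] <= window:
                result[key] = "denied"
    return result

if __name__ == "__main__":
    for (host, user), outcome in classify_expiry_events(SAMPLE_LOG).items():
        print(f"{host} {user}: {outcome}")
```

Accounts that come out as "denied" match the failing setup in the quoted log; "warned" matches the setup where su succeeds and only prints the expiry message.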
