Re: [Samba] sambaPwdMustChange

[Adam Tauno Williams]

On Sun, 2011-12-18 at 20:31 -0800, yudi shiddiq wrote:
> I want to ask something about implementing sambapwdmustchange, my goal
> is to force user to change password, then i setting on
> pla(phpldapadmin) on "sambaPwdMustChange" to "0", but there's no
> affect to user, what's the problem occure?

It works; although you don't need to set it to "0".  It is a timestamp,
any low value will work.

But this setting doesn't mean anything if you haven't defined a password
policy for the domain.

-- 
System & Network Administrator [ LPI & NCLA ]

OpenGroupware Developer 
Adam Tauno Williams

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] sambaPwdMustChange

[yudi shiddiq]

Hello all, need your advice please.



 From: yudi shiddiq 
To: "samba@lists.samba.org"  
Sent: Monday, December 12, 2011 8:50 AM
Subject: [Samba] sambaPwdMustChange
 
Hallo all,

I want to ask something about implementing sambapwdmustchange, my goal is to 
force user to change password, then i setting on pla(phpldapadmin) on 
"sambaPwdMustChange" to "0", but there's no affect to user, what's the problem 
occure?

Thank you very much for any response.

Regards,
Yudi
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] sambaPwdMustChange

[yudi shiddiq]

Hallo all,

I want to ask something about implementing sambapwdmustchange, my goal is to 
force user to change password, then i setting on pla(phpldapadmin) on 
"sambaPwdMustChange" to "0", but there's no affect to user, what's the problem 
occure?

Thank you very much for any response.

Regards,
Yudi
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] sambaPwdMustChange not synced on PDC from BDC

[David Markey]

This caught me out too.

sambaPwdMustChange has been phased out since late in the 3.0 series. It is
ignored.

The password expiry is calculated on the fly from sambaPwdLastChange +
sambaMaxPwdAge(Domain entry)


You will have to run the same version of samba on both PDC and BDC.





On Tue, 01 Sep 2009 22:34:41 +0200, Michael Ströder 
wrote:
> nogenetics nogenetics wrote:
>> On Fri, Aug 28, 2009 at 10:25 AM, nogenetics nogenetics <
>> nnogenet...@gmail.com> wrote:
>>> I have a PDC/BDC samba/ldap environment.
>>> PDC:
>>> samba 3.0.24
>>> slapd 2.3.30
>>>
>>> BDC:
>>> samba 3.2.5
>>> slapd 2.4.11
>>>
>>> Ldap replication is working fine, but I have noticed two issues
>>>
>>> 1- when a windows user change password on BDC, sambaPwdMustChange and
>>> sambaPwdCanChange is not synced on PDC
>>> (using ldap passwd sync = yes and unix password sync = no)
>>>
>>> 2- when using 'net sam set pwdmustchange'  on PDC, sambaPwdMustChange
is
>>> not synced on BDC
>>>
>>> Anyone can point me what's wrong?
>>>
>>> About issue 1-  , I can use unix password sync = yes and ldap passwd
>>> sync =
>>> no (using smbldap-passwd) as workaround, but windows user get that
>>> annoying
>>> warning message (decode_pw_buffer-incorrect-password-length topic).  Is
>>> there a way to avoid this warning message?
>>> This is a issue many users are experiencing.
>>>
>>> Thanks in advance for your time
>>>
>>>
>> Bump!
>> No hints?
> 
> How are you sure you don't run into OpenLDAP replication problems? The
> OpenLDAP versions you're running are quite old. slapd 2.3.x is not
actively
> supported anymore. There also were interop issues fixed regarding
> replication
> between 2.3.x and 2.4.x and numerous syncrepl fixes for 2.4.x. You should
> definitely upgrade your OpenLDAP installations.
> 
> Ciao, Michael.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] sambaPwdMustChange not synced on PDC from BDC

[Michael Ströder]

nogenetics nogenetics wrote:
> On Fri, Aug 28, 2009 at 10:25 AM, nogenetics nogenetics <
> nnogenet...@gmail.com> wrote:
>> I have a PDC/BDC samba/ldap environment.
>> PDC:
>> samba 3.0.24
>> slapd 2.3.30
>>
>> BDC:
>> samba 3.2.5
>> slapd 2.4.11
>>
>> Ldap replication is working fine, but I have noticed two issues
>>
>> 1- when a windows user change password on BDC, sambaPwdMustChange and
>> sambaPwdCanChange is not synced on PDC
>> (using ldap passwd sync = yes and unix password sync = no)
>>
>> 2- when using 'net sam set pwdmustchange'  on PDC, sambaPwdMustChange is
>> not synced on BDC
>>
>> Anyone can point me what's wrong?
>>
>> About issue 1-  , I can use unix password sync = yes and ldap passwd sync =
>> no (using smbldap-passwd) as workaround, but windows user get that annoying
>> warning message (decode_pw_buffer-incorrect-password-length topic).  Is
>> there a way to avoid this warning message?
>> This is a issue many users are experiencing.
>>
>> Thanks in advance for your time
>>
>>
> Bump!
> No hints?

How are you sure you don't run into OpenLDAP replication problems? The
OpenLDAP versions you're running are quite old. slapd 2.3.x is not actively
supported anymore. There also were interop issues fixed regarding replication
between 2.3.x and 2.4.x and numerous syncrepl fixes for 2.4.x. You should
definitely upgrade your OpenLDAP installations.

Ciao, Michael.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] sambaPwdMustChange not synced on PDC from BDC

[nogenetics nogenetics]

On Fri, Aug 28, 2009 at 10:25 AM, nogenetics nogenetics <
nnogenet...@gmail.com> wrote:

> Hi
> I have a PDC/BDC samba/ldap environment.
>
>
> PDC:
> samba 3.0.24
> slapd 2.3.30
>
> BDC:
> samba 3.2.5
> slapd 2.4.11
>
> Ldap replication is working fine, but I have noticed two issues
>
> 1- when a windows user change password on BDC, sambaPwdMustChange and
> sambaPwdCanChange is not synced on PDC
> (using ldap passwd sync = yes and unix password sync = no)
>
> 2- when using 'net sam set pwdmustchange'  on PDC, sambaPwdMustChange is
> not synced on BDC
>
> Anyone can point me what's wrong?
>
> About issue 1-  , I can use unix password sync = yes and ldap passwd sync =
> no (using smbldap-passwd) as workaround, but windows user get that annoying
> warning message (decode_pw_buffer-incorrect-password-length topic).  Is
> there a way to avoid this warning message?
> This is a issue many users are experiencing.
>
> Thanks in advance for your time
>
>
Bump!
No hints?
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] sambaPwdMustChange not synced on PDC from BDC

[nogenetics nogenetics]

On Fri, Aug 28, 2009 at 10:25 AM, nogenetics nogenetics <
nnogenet...@gmail.com> wrote:

>
> 2- when using 'net sam set pwdmustchange'  on PDC, sambaPwdCanChange is not
> synced on BDC
>
>
>
typo, I mean

SambaPwdMustChange
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] sambaPwdMustChange not synced on PDC from BDC

[nogenetics nogenetics]

Hi
I have a PDC/BDC samba/ldap environment.


PDC:
samba 3.0.24
slapd 2.3.30

BDC:
samba 3.2.5
slapd 2.4.11

Ldap replication is working fine, but I have noticed two issues

1- when a windows user change password on BDC, sambaPwdMustChange and
sambaPwdCanChange is not synced on PDC
(using ldap passwd sync = yes and unix password sync = no)

2- when using 'net sam set pwdmustchange'  on PDC, sambaPwdCanChange is not
synced on BDC

Anyone can point me what's wrong?

About issue 1-  , I can use unix password sync = yes and ldap passwd sync =
no (using smbldap-passwd) as workaround, but windows user get that annoying
warning message (decode_pw_buffer-incorrect-password-length topic).  Is
there a way to avoid this warning message?
This is a issue many users are experiencing.

Thanks in advance for your time
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] sambaPwdMustChange

[Thao Vo]

Hello,

My customer said she wants to modify sambaPwdMustChange from Integer to BIG
Integer so it will accept
a 19 character string, for example:
   9223372036854775807

But I look at this attribute:

attributetypes=( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' DESC
'Timestamp of when the
password will expire'  EQUALITY integerMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )


and don't know how I could do it.

I'm really appreciated any hints you can give.

Best regards,
Thao Vo
---
Software Engineer
IBM Tivoli Directory Server
E-Mail:[EMAIL PROTECTED]
Phone:(512) 286-3194
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] sambaPwdMustChange attribute didn't get updated (3.0.27a)

[Markus Kahle]

Hi there,

i got into some trouble after updating my samba installation to 3.0.27a. 
My installation uses Samba-3.0.27a,OpenLDAP-2.2.13,smbldap-tools-0.9.2 
as a PDC NT4-domain.Originally I used the installation-guide from 
smbldap-tools and everything worked fine. I also limited the access to 
LDAP as told in the installation-guide with no problems.
After updating to 3.0.27a i realized that when using the usrmgr.exe, the 
password preferences in policies -> accounts didn't got saved - only the 
password-length option got saved.
After doing some research, i managed to solve this by adding the 
following LDAP attributes to the access rules in slapd.conf:


sambaMinPwdLength
sambaPwdHistoryLength
sambaLogonToChgPwd
sambaMaxPwdAge
sambaMinPwdAge
sambaLockoutDuration
sambaLockoutObservationWindow
sambaLockoutThreshold
sambaForceLogoff
sambaRefuseMachinePwdChange

But one problem still exists:

If Windows-users change their password via the normal Windows dialog, 
the password got changed in LDAP , also the sambaLastChange attribute 
got updated , BUT sambaPwdCanChange and sambaPwdMustChange attributes 
didn't update and so all the Maximum Password Age stuff, including 
remind users of their password expiration and force user to change their 
 password if expire didn't work anymore.


I can't find any other maybe access right problems within ldap, so why 
the sambaPwdMustChange Attribute didn't update ??


The problem also exist when adding a new user. After the user change his 
password at first login, the sambaPwdMustChange Attribute didn't update.



slapd.conf digest
--
access to 
attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,sambaPwdMustChange

by dn="cn=samba,ou=DSA,dc=bel-gmbh,dc=lan" write
by dn="cn=smbldap-tools,ou=DSA,dc=bel-gmbh,dc=lan" write
by dn="cn=nssldap,ou=DSA,dc=bel-gmbh,dc=lan" write
by self write
by anonymous auth
by * none

access to 
attrs=objectClass,entry,homeDirectory,uid,uidNumber,gidNumber,memberUid

by dn="cn=samba,ou=DSA,dc=bel-gmbh,dc=lan" write
by dn="cn=smbldap-tools,ou=DSA,dc=bel-gmbh,dc=lan" write
by * read

access to 
attrs=description,telephoneNumber,roomNumber,homePhone,loginShell,gecos,cn,sn,givenname

by dn="cn=samba,ou=DSA,dc=bel-gmbh,dc=lan" write
by dn="cn=smbldap-tools,ou=DSA,dc=bel-gmbh,dc=lan" write
by self write
by * read

access to 
attrs=cn,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaLogonTime,sambaLogoffTime,sambaKickoffTime,

sambaPwdCanChange,sambaPwdMustChange,sambaAcctFlags,displayName,sambaHomePath,sambaHomeDrive,sambaLogonScript,
sambaProfilePath,description,sambaUserWorkstations,sambaPrimaryGroupSID,sambaDomainName,sambaMungedDial,
sambaBadPasswordCount,sambaBadPasswordTime,sambaPasswordHistory,sambaLogonHours,sambaSID,sambaSIDList,sambaTrustFlags,
sambaGroupType,sambaNextRid,sambaNextGroupRid,sambaNextUserRid,sambaAlgorithmicRidBase,sambaShareName,sambaOptionName,
sambaBoolOption,sambaIntegerOption,sambaStringOption,sambaStringListoption,sambaMinPwdLength,sambaPwdHistoryLength,
sambaLogonToChgPwd,sambaMaxPwdAge,sambaMinPwdAge,sambaLockoutDuration,sambaLockoutObservationWindow,sambaLockoutThreshold,
sambaForceLogoff,sambaRefuseMachinePwdChange
by dn="cn=samba,ou=DSA,dc=bel-gmbh,dc=lan" write
by dn="cn=smbldap-tools,ou=DSA,dc=bel-gmbh,dc=lan" write
by self read
by * none

access to dn.base="dc=bel-gmbh,dc=lan"
by dn="cn=samba,ou=DSA,dc=bel-gmbh,dc=lan" write
by dn="cn=smbldap-tools,ou=DSA,dc=bel-gmbh,dc=lan" write
by * none

access to dn="ou=Users,dc=bel-gmbh,dc=lan"
by dn="cn=samba,ou=DSA,dc=bel-gmbh,dc=lan" write
by dn="cn=smbldap-tools,ou=DSA,dc=bel-gmbh,dc=lan" write
by * none

access to dn="ou=Groups,dc=bel-gmbh,dc=lan"
by dn="cn=samba,ou=DSA,dc=bel-gmbh,dc=lan" write
by dn="cn=smbldap-tools,ou=DSA,dc=bel-gmbh,dc=lan" write
by * none

access to dn="ou=Computers,dc=bel-gmbh,dc=lan"
by dn="cn=samba,ou=DSA,dc=bel-gmbh,dc=lan" write
by dn="cn=smbldap-tools,ou=DSA,dc=bel-gmbh,dc=lan" write
by * none

access to *
by self read
by * read
--


Thanks in advance for all hints and suggestions..



Bye,

Markus Kahle

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] sambaPwdMustChange

[Ryan Novosielski]

Does this flag now do something? Last I checked, X was unused.
 _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  |  | Ryan Novosielski - User Support Spec. III
|$&| |__| |  | |__/ | \| _|  | [EMAIL PROTECTED] - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630
On Mon, 17 Jan 2005, Gustavo Lima wrote:
Patrick,
This number is a timestamp. To figure out what day it means paste it in this 
url http://www.4webhelp.net/us/timestamp.php?action=stamp&stamp=&timezone=0

To set an account to never expire it´s password you have to set 
sambaacctflags to [UX]

Regards,
Gustavo
- Original Message - From: "Patrick DUBAU" 
<[EMAIL PROTECTED]>
To: 
Sent: Monday, January 17, 2005 1:14 PM
Subject: [Samba] sambaPwdMustChange


Hi,
i have samba 3.0.10 installed with LDAP.
I noticed few days ago that my adminsitrator account has expired. I think 
it's because of the sambaPwdMustChange field of LDAP. I changed the passwd 
now i have the value 1108741705 in it. What does it mean (when will i be 
prompted again to change my passwd) and do i have to put in this field so 
that the password will never expire ?

Thanks for any help
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] sambaPwdMustChange

[kent]

Another time converter is a perl script amtime.pl that can be used in
shell scripts to convert back and forth between seconds and human readable
time.

http://www.unixreview.com/documents/s=1344/ur0307g/ur0307g_script.htm


Kent N

> Patrick,
>
> This number is a timestamp. To figure out what day it means paste it in
> this
> url
> http://www.4webhelp.net/us/timestamp.php?action=stamp&stamp=&timezone=0
>
> To set an account to never expire it´s password you have to set
> sambaacctflags to [UX]
>
> Regards,
>
> Gustavo
>
>
> - Original Message -
> From: "Patrick DUBAU" <[EMAIL PROTECTED]>
> To: 
> Sent: Monday, January 17, 2005 1:14 PM
> Subject: [Samba] sambaPwdMustChange
>
>
>> Hi,
>>
>> i have samba 3.0.10 installed with LDAP.
>> I noticed few days ago that my adminsitrator account has expired. I
>> think
>> it's because of the sambaPwdMustChange field of LDAP. I changed the
>> passwd
>> now i have the value 1108741705 in it. What does it mean (when will i be
>> prompted again to change my passwd) and do i have to put in this field
>> so
>> that the password will never expire ?
>>
>> Thanks for any help
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/listinfo/samba
>>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: Antwort: Re: [Samba] sambaPwdMustChange

[Patrick DUBAU]

Just thanks for all for your answers. Things are now clear for me.
[EMAIL PROTECTED] a écrit :
with acctflags set to UX our users are not forced to changed the 
password, but the dialog to change the password comes up, when the 
password is expired. The User can cancel the dialog. So we set 
sambaPwdMustChange to 99 and have peace.
regards MW

Mathias Wohlfarth EDV-Beratung
Thomas-Mann-Str.1
53111 Bonn
Tel.0172 / 53 45 591
   01801 / 777 555 33 01
Fax0228 / 9469181
Email[EMAIL PROTECTED]

*"Gustavo Lima" <[EMAIL PROTECTED]>*
Gesendet von: [EMAIL PROTECTED]
17.01.2005 16:32
	   
An:"Patrick DUBAU" <[EMAIL PROTECTED]>, 

Kopie:
    Thema:    Re: [Samba] sambaPwdMustChange


Patrick,
This number is a timestamp. To figure out what day it means paste it 
in this
url 
http://www.4webhelp.net/us/timestamp.php?action=stamp&stamp=&timezone=0

To set an account to never expire it´s password you have to set
sambaacctflags to [UX]
Regards,
Gustavo
- Original Message -
From: "Patrick DUBAU" <[EMAIL PROTECTED]>
To: 
Sent: Monday, January 17, 2005 1:14 PM
Subject: [Samba] sambaPwdMustChange
> Hi,
>
> i have samba 3.0.10 installed with LDAP.
> I noticed few days ago that my adminsitrator account has expired. I 
think
> it's because of the sambaPwdMustChange field of LDAP. I changed the 
passwd
> now i have the value 1108741705 in it. What does it mean (when will 
i be
> prompted again to change my passwd) and do i have to put in this 
field so
> that the password will never expire ?
>
> Thanks for any help
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Antwort: Re: [Samba] sambaPwdMustChange

[Mathias . Wohlfarth]

with acctflags set to UX our users are not forced to changed the password, 
but the dialog to change the password comes up, when the password is 
expired. The User can cancel the dialog. So we set sambaPwdMustChange to 
99 and have peace.
regards MW 

Mathias Wohlfarth EDV-Beratung
Thomas-Mann-Str.1
53111 Bonn
Tel.0172 / 53 45 591
01801 / 777 555 33 01
Fax 0228 / 9469181
Email   [EMAIL PROTECTED]




"Gustavo Lima" <[EMAIL PROTECTED]>
Gesendet von: [EMAIL PROTECTED]
17.01.2005 16:32
 
An: "Patrick DUBAU" <[EMAIL PROTECTED]>, 

    Kopie: 
Thema:  Re: [Samba] sambaPwdMustChange


Patrick,

This number is a timestamp. To figure out what day it means paste it in 
this 
url 
http://www.4webhelp.net/us/timestamp.php?action=stamp&stamp=&timezone=0

To set an account to never expire it´s password you have to set 
sambaacctflags to [UX]

Regards,

Gustavo


- Original Message - 
From: "Patrick DUBAU" <[EMAIL PROTECTED]>
To: 
Sent: Monday, January 17, 2005 1:14 PM
Subject: [Samba] sambaPwdMustChange


> Hi,
>
> i have samba 3.0.10 installed with LDAP.
> I noticed few days ago that my adminsitrator account has expired. I 
think 
> it's because of the sambaPwdMustChange field of LDAP. I changed the 
passwd 
> now i have the value 1108741705 in it. What does it mean (when will i be 

> prompted again to change my passwd) and do i have to put in this field 
so 
> that the password will never expire ?
>
> Thanks for any help
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] sambaPwdMustChange

[Daniel Wilson]

The number (1108741705) is a unix time stamp (number of seconds since 
1st jan 1970)  use this webs ite to convert it to a readable date 
(http://www.4webhelp.net/us/timestamp.php), the number you have provided 
tells me that your password will expire on (1108741705 translates to 
*Friday, February 18^th 2005, 15:48:25 (GMT))

if you dont want it to expire create a date for 30 years time or so?
bash# perl -e 'print time+94608;'
this should always give you a unixtime stamp in 30 years time!
This will make your password expire in 2035 !!
*
Patrick DUBAU wrote:
Hi,
i have samba 3.0.10 installed with LDAP.
I noticed few days ago that my adminsitrator account has expired. I 
think it's because of the sambaPwdMustChange field of LDAP. I changed 
the passwd now i have the value 1108741705 in it. What does it mean 
(when will i be prompted again to change my passwd) and do i have to 
put in this field so that the password will never expire ?

Thanks for any help
--

Daniel Wilson
Systems Administrator
IT & Communications Service
University of Sunderland
Unit1 Technology Park
Chester Road
Sunderland
SR2 7PT
Tel: 0191 515 2695
This e-mail contains information which is confidential and may be privileged and is for the exclusive use of the recipient. 
It is the responsibility of the recipient to ensure that this message and its attachments are virus free. 
Any views or opinions presented are solely those of the author and do not necessarily represent those of the University, unless otherwise specifically
stated.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] sambaPwdMustChange

[Gustavo Lima]

Patrick,
This number is a timestamp. To figure out what day it means paste it in this 
url http://www.4webhelp.net/us/timestamp.php?action=stamp&stamp=&timezone=0

To set an account to never expire it´s password you have to set 
sambaacctflags to [UX]

Regards,
Gustavo
- Original Message - 
From: "Patrick DUBAU" <[EMAIL PROTECTED]>
To: 
Sent: Monday, January 17, 2005 1:14 PM
Subject: [Samba] sambaPwdMustChange


Hi,
i have samba 3.0.10 installed with LDAP.
I noticed few days ago that my adminsitrator account has expired. I think 
it's because of the sambaPwdMustChange field of LDAP. I changed the passwd 
now i have the value 1108741705 in it. What does it mean (when will i be 
prompted again to change my passwd) and do i have to put in this field so 
that the password will never expire ?

Thanks for any help
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] sambaPwdMustChange

[Patrick DUBAU]

Hi,
i have samba 3.0.10 installed with LDAP.
I noticed few days ago that my adminsitrator account has expired. I 
think it's because of the sambaPwdMustChange field of LDAP. I changed 
the passwd now i have the value 1108741705 in it. What does it mean 
(when will i be prompted again to change my passwd) and do i have to put 
in this field so that the password will never expire ?

Thanks for any help
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] sambaPwdMustChange not properly set with smbldap

[[EMAIL PROTECTED]]

I'm using samba 3.0.6 on fedora core 1 with LDAP enabled and smbldap-tools.

When I change a user password with smbldap-passwd , i find that
sambaPwdMustChange attribute is correctly set to 30 days later as set in
smbldap_conf.

But, if I try to change password from any Win2000 or WinXP client with
CTRL+ALT+CANC --> CHANGE PASSWORD i notice that sambaPwdMustChange attribute is
always set to 2147483647.

I have tryed different setups in smb.conf but nothing has changed.

Here is last config.

   security = user
 
 
 
  password level = 8
  username level = 8
  encrypt passwords = yes
  smb passwd file = /etc/samba/smbpasswd
  
  

  passdb backend = ldapsam:"ldap://localhost"; smbpasswd
  ldap suffix = dc=myfactory,dc=mycountry
  ldap admin dn = cn=Manager,dc=myfactory,dc=mycountry
  ldap ssl = no
  ldap group suffix = ou=Group
  ldap machine suffix = ou=Machine
  ldap user suffix = ou=People
   
 

  passwd program = /usr/local/sbin/smbldap-passwd.pl -u %u
  passwd chat = *new*password* %n\n *Retype*new*password* %n\n *successfully*
  passwd chat debug = yes
  #unix password sync = Yes
  ldap passwd sync = yes
  admin users = root, administrator
 
 
 
  add user script = /usr/local/sbin/smbldap-useradd.pl -a
  delete user script = /usr/local/sbin/smbldap-useradd.pl -d
  add group script = /usr/local/sbin/smbldap-useradd.pl -a -g
  delete group script = /usr/local/sbin/smbldap-useradd.pl -d -g
  add user to group script = /usr/local/sbin/smbldap-useradd.pl -j -u
  delete user from group script = /usr/local/sbin/smbldap-useradd.pl -j -u
  set primary group script = /usr/local/sbin/smbldap-useradd.pl -m -u
  add machine script = /usr/local/sbin/smbldap-useradd.pl -a -m
#  unix password sync = Yes
#  passwd program = /usr/bin/passwd %u
#  passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*

Any idea?

thanks!

ciao

luca




Libero ADSL Free - Velocita' 1280 Kbit/s, attivazione e traffico 2004 gratis!
Abbonati su http://www.libero.it 


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re[2]: [Samba] sambaPwdMustChange

[Adam Williams]

> in that case, you need the pdbediter...
> but "pdbedit -P "maximum password age" -C 7776000"
> is that used for all users, or just 1.. ??
> let's say that i issue the above command, does all my users have
> to change after 90 day's ?? or just 1 dude.. (coz' there is no
> username in the command..)

It is a server policy, thus all users in the domain the server controls.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re[2]: [Samba] sambaPwdMustChange

[Collen Blijenberg]

Hmm.. i'm wondering the follow, there are some
passwd backends, where that lame usermanager from
micr0s0ft doen't work (https://bugzilla.samba.org/show_bug.cgi?id=892)

in that case, you need the pdbediter...
but "pdbedit -P "maximum password age" -C 7776000"
is that used for all users, or just 1.. ??
let's say that i issue the above command, does all my users have
to change after 90 day's ?? or just 1 dude.. (coz' there is no
username in the command..)

also, i still need the command for my GUI usermanager..!
l8r..
-
Collen Blijenberg   (Montessori Lyceum Herman Jordan)

Wednesday, May 26, 2004, 10:16:56 PM, you wrote:

>> Oh,
>>
>> Its done by MS Windows. I think the counter start warns at 15 days before
>> password change.
>>
>> > Yes, I try it. It is cool, I set in samba to 90 days and I see it in
>> > usrmgr. :)
>> >
>> > But how can I send message to user (that he must change password) when
>>
>> user
>>
>> > log into?
>> >
>> > > Hi guy,
>> > >
>> > > You can use Micro$oft usrmgr to set account policies to you domain.
>> > > > Hi guys!
>> > > >
>> > > > I wanna to setup my 3.0.1 samba PDC (with tdbsam) to force user to
>>
>> change
>>
>> > > > password.
>> > > >
>> > > > I read this:
>> > > >
>> > > > "When I set password lifetime to, say 90 days using
>> > > > pdbedit -P "maximum password age" -C 7776000
>> > > >
>> > > > Attribute "Password must change" is calculated using this formula :
>> > > >
>> > > > sambaPwdMustChange = sambaPwdLastSet + 90 days.
>> > > >
>> > > > Is it possible to get "warning message" before actually force user to
>> > > > change their password, I mean is it possible to get this formula:
>> > > >
>> > > > sambaPwdMustChange = (sambaPwdLastSet + 90 days) - 10 days"
>> > > >
>> > > > pdbedit setting is okay.
>> > > >
>> > > > but what about sambaPwdMustChange? Should I write it to my smb.conf?
>> > > >
>> > > > But, I write it and testparm says:
>> > > >Unknown parameter encountered: "sambaPwdMustChange"
>> > > >Ignoring unknown parameter "sambaPwdMustChange"
>> > > >
>> > > > So, how can I do this?
>> > > >


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] sambaPwdMustChange

[lanrol]

okey, and if I want to change it only 5 days, how can I do this?

szerda 26 május 2004 13:45 dátummal [EMAIL PROTECTED] ezt írta:
> Oh,
>
> Its done by MS Windows. I think the counter start warns at 15 days before
> password change.
>
> ---
> Emerson Henrique Kfuri Pereira
>
> DivisĂŁo de Atendimento e Consultoria
> CECOM - Reitoria - UFMG
> Telefone: 34994009
> ---
>
> [EMAIL PROTECTED] wrote on 25/05/2004
>
> 17:49:35:
> > Yes, I try it. It is cool, I set in samba to 90 days and I see it in
> > usrmgr. :)
> >
> > But how can I send message to user (that he must change password) when
>
> user
>
> > log into?
> >
> > kedd 25 mĂĄjus 2004 22:31 dĂĄtummal [EMAIL PROTECTED] ezt Ă­rta:
> > > Hi guy,
> > >
> > > You can use Micro$oft usrmgr to set account policies to you domain.
> > >
> > > ---
> > > Emerson Henrique Kfuri Pereira
> > >
> > > DivisÄ?o de Atendimento e Consultoria
> > > CECOM - Reitoria - UFMG
> > > Telefone: 34994009
> > > ---
> > >
> > > [EMAIL PROTECTED] wrote on 25/05/2004
> > >
> > > 17:10:35:
> > > > Hi guys!
> > > >
> > > > I wanna to setup my 3.0.1 samba PDC (with tdbsam) to force user to
>
> change
>
> > > > password.
> > > >
> > > > I read this:
> > > >
> > > > "When I set password lifetime to, say 90 days using
> > > > pdbedit -P "maximum password age" -C 7776000
> > > >
> > > > Attribute "Password must change" is calculated using this formula :
> > > >
> > > > sambaPwdMustChange = sambaPwdLastSet + 90 days.
> > > >
> > > > Is it possible to get "warning message" before actually force user to
> > > > change their password, I mean is it possible to get this formula:
> > > >
> > > > sambaPwdMustChange = (sambaPwdLastSet + 90 days) - 10 days"
> > > >
> > > > pdbedit setting is okay.
> > > >
> > > > but what about sambaPwdMustChange? Should I write it to my smb.conf?
> > > >
> > > > But, I write it and testparm says:
> > > >Unknown parameter encountered: "sambaPwdMustChange"
> > > >Ignoring unknown parameter "sambaPwdMustChange"
> > > >
> > > > So, how can I do this?
> > > >
> > > > --
> > > >
> > > > regars, Roland
> > > > --
> > > > To unsubscribe from this list go to the following URL and read the
> > > > instructions:  http://lists.samba.org/mailman/listinfo/samba--
> > >
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions:  http://lists.samba.org/mailman/listinfo/samba
> >
> > --
> >
> > Udv, Roland
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 

Udv, Roland
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] sambaPwdMustChange

[daves-jr]

Oh,

Its done by MS Windows. I think the counter start warns at 15 days before
password change.

---
Emerson Henrique Kfuri Pereira

DivisÃo de Atendimento e Consultoria
CECOM - Reitoria - UFMG
Telefone: 34994009
---

[EMAIL PROTECTED] wrote on 25/05/2004
17:49:35:

> Yes, I try it. It is cool, I set in samba to 90 days and I see it in
> usrmgr. :)
>
> But how can I send message to user (that he must change password) when
user
> log into?
>
> kedd 25 mÃjus 2004 22:31 dÃtummal [EMAIL PROTECTED] ezt Ãrta:
> > Hi guy,
> >
> > You can use Micro$oft usrmgr to set account policies to you domain.
> >
> > ---
> > Emerson Henrique Kfuri Pereira
> >
> > DivisÄo de Atendimento e Consultoria
> > CECOM - Reitoria - UFMG
> > Telefone: 34994009
> > ---
> >
> > [EMAIL PROTECTED] wrote on 25/05/2004
> >
> > 17:10:35:
> > > Hi guys!
> > >
> > > I wanna to setup my 3.0.1 samba PDC (with tdbsam) to force user to
change
> > >
> > > password.
> > >
> > > I read this:
> > >
> > > "When I set password lifetime to, say 90 days using
> > > pdbedit -P "maximum password age" -C 7776000
> > >
> > > Attribute "Password must change" is calculated using this formula :
> > >
> > > sambaPwdMustChange = sambaPwdLastSet + 90 days.
> > >
> > > Is it possible to get "warning message" before actually force user to
> > > change their password, I mean is it possible to get this formula:
> > >
> > > sambaPwdMustChange = (sambaPwdLastSet + 90 days) - 10 days"
> > >
> > > pdbedit setting is okay.
> > >
> > > but what about sambaPwdMustChange? Should I write it to my smb.conf?
> > >
> > > But, I write it and testparm says:
> > >Unknown parameter encountered: "sambaPwdMustChange"
> > >Ignoring unknown parameter "sambaPwdMustChange"
> > >
> > > So, how can I do this?
> > >
> > > --
> > >
> > > regars, Roland
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions:  http://lists.samba.org/mailman/listinfo/samba--
> >
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
>
> --
>
> Udv, Roland
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] sambaPwdMustChange

[lanrol]

Yes, I try it. It is cool, I set in samba to 90 days and I see it in 
usrmgr. :)

But how can I send message to user (that he must change password) when user 
log into?

kedd 25 május 2004 22:31 dátummal [EMAIL PROTECTED] ezt írta:
> Hi guy,
>
> You can use Micro$oft usrmgr to set account policies to you domain.
>
> ---
> Emerson Henrique Kfuri Pereira
>
> Divisăo de Atendimento e Consultoria
> CECOM - Reitoria - UFMG
> Telefone: 34994009
> ---
>
> [EMAIL PROTECTED] wrote on 25/05/2004
>
> 17:10:35:
> > Hi guys!
> >
> > I wanna to setup my 3.0.1 samba PDC (with tdbsam) to force user to change
> >
> > password.
> >
> > I read this:
> >
> > "When I set password lifetime to, say 90 days using
> > pdbedit -P "maximum password age" -C 7776000
> >
> > Attribute "Password must change" is calculated using this formula :
> >
> > sambaPwdMustChange = sambaPwdLastSet + 90 days.
> >
> > Is it possible to get "warning message" before actually force user to
> > change their password, I mean is it possible to get this formula:
> >
> > sambaPwdMustChange = (sambaPwdLastSet + 90 days) - 10 days"
> >
> > pdbedit setting is okay.
> >
> > but what about sambaPwdMustChange? Should I write it to my smb.conf?
> >
> > But, I write it and testparm says:
> >Unknown parameter encountered: "sambaPwdMustChange"
> >Ignoring unknown parameter "sambaPwdMustChange"
> >
> > So, how can I do this?
> >
> > --
> >
> > regars, Roland
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba--
>
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 

Udv, Roland
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] sambaPwdMustChange

[daves-jr]

Hi guy,

You can use Micro$oft usrmgr to set account policies to you domain.

---
Emerson Henrique Kfuri Pereira

Divisão de Atendimento e Consultoria
CECOM - Reitoria - UFMG
Telefone: 34994009
---

[EMAIL PROTECTED] wrote on 25/05/2004
17:10:35:

> Hi guys!
>
> I wanna to setup my 3.0.1 samba PDC (with tdbsam) to force user to change

> password.
>
> I read this:
>
> "When I set password lifetime to, say 90 days using
> pdbedit -P "maximum password age" -C 7776000
>
> Attribute "Password must change" is calculated using this formula :
>
> sambaPwdMustChange = sambaPwdLastSet + 90 days.
>
> Is it possible to get "warning message" before actually force user to
> change their password, I mean is it possible to get this formula:
>
> sambaPwdMustChange = (sambaPwdLastSet + 90 days) - 10 days"
>
> pdbedit setting is okay.
>
> but what about sambaPwdMustChange? Should I write it to my smb.conf?
>
> But, I write it and testparm says:
>Unknown parameter encountered: "sambaPwdMustChange"
>Ignoring unknown parameter "sambaPwdMustChange"
>
> So, how can I do this?
>
> --
>
> regars, Roland
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] sambaPwdMustChange

[lanrol]

Hi guys!

I wanna to setup my 3.0.1 samba PDC (with tdbsam) to force user to change 
password.

I read this:

"When I set password lifetime to, say 90 days using 
pdbedit -P "maximum password age" -C 7776000

Attribute "Password must change" is calculated using this formula :

sambaPwdMustChange = sambaPwdLastSet + 90 days.

Is it possible to get "warning message" before actually force user to
change their password, I mean is it possible to get this formula:

sambaPwdMustChange = (sambaPwdLastSet + 90 days) - 10 days"

pdbedit setting is okay.

but what about sambaPwdMustChange? Should I write it to my smb.conf?

But, I write it and testparm says:
Unknown parameter encountered: "sambaPwdMustChange"
Ignoring unknown parameter "sambaPwdMustChange"

So, how can I do this?

-- 

regars, Roland
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba