[389-users] Expired password still allows samba login

[David Hoskinson]

We have discovered that if a 389 ldap account expires due to age, that the user 
can still use 389 authentication to login to our samba setup.  I have set back 
in time the passwordexpirationtime and sambapwdlastset variables to see if this 
blocks access.  It does deny ldap login, but samba can still access for same 
account.  Is there something we are missing in our schema in 389 or smb.conf 
file that will force samba to use the expiration date.

Our system levels are Oracle Linux 5.5

389 Files

389-ds-base-1.2.8.3-1.el5
389-ds-console-doc-1.2.5-1.el5
389-ds-base-libs-1.2.8.3-1.el5
389-adminutil-1.1.13-1.el5
389-ds-console-1.2.5-1.el5
389-admin-console-1.1.7-1.el5
389-console-1.1.4-1.el5
389-ds-1.2.1-1.el5
389-admin-1.1.16-1.el5
389-admin-console-doc-1.1.7-1.el5
389-dsgw-1.1.6-1.el5

Samba Files on remote server

samba3-utils-3.6.3-44.el5
samba3-3.6.3-44.el5
samba3-client-3.6.3-44.el5

Thank you for your guidance...


David Hoskinson | DATATRAK
Systems Engineer
Mayfield Heights, Ohio, USA
+1.440.443.0082 x 124 (p) | +1.319.471.3689 (m)
david.hoskin...@datatrak.net | 
www.datatrak.net

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Re: [389-users] Expired password still allows samba login

[Grzegorz Dwornicki]

As i recall from my days as samba admin. Samba had its own attributes and
you shold use smb* commands to set expiration of password.

Greg.
06-09-2012 17:26, "David Hoskinson" 
napisał(a):

>  We have discovered that if a 389 ldap account expires due to age, that
> the user can still use 389 authentication to login to our samba setup.  I
> have set back in time the passwordexpirationtime and sambapwdlastset
> variables to see if this blocks access.  It does deny ldap login, but samba
> can still access for same account.  Is there something we are missing in
> our schema in 389 or smb.conf file that will force samba to use the
> expiration date.
>
> ** **
>
> Our system levels are Oracle Linux 5.5
>
> ** **
>
> 389 Files
>
> ** **
>
> 389-ds-base-1.2.8.3-1.el5
>
> 389-ds-console-doc-1.2.5-1.el5
>
> 389-ds-base-libs-1.2.8.3-1.el5
>
> 389-adminutil-1.1.13-1.el5
>
> 389-ds-console-1.2.5-1.el5
>
> 389-admin-console-1.1.7-1.el5
>
> 389-console-1.1.4-1.el5
>
> 389-ds-1.2.1-1.el5
>
> 389-admin-1.1.16-1.el5
>
> 389-admin-console-doc-1.1.7-1.el5
>
> 389-dsgw-1.1.6-1.el5
>
> ** **
>
> Samba Files on remote server
>
> ** **
>
> samba3-utils-3.6.3-44.el5
>
> samba3-3.6.3-44.el5
>
> samba3-client-3.6.3-44.el5
>
> ** **
>
> Thank you for your guidance...
>
> ** **
>
> ** **
>
> David Hoskinson | *D**ATATRAK*
> Systems Engineer
> Mayfield Heights, Ohio, USA
> +1.440.443.0082 x 124 (p) | +1.319.471.3689 (m)
> david.hoskin...@datatrak.net | www.datatrak.net**
>
> ** **
>
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users