[Samba] password expiration
Greetings. I have a password expiration problem that I cannot solve myself, so I am writing to this list. Recently I discovered that a newly created Samba account already has an expired password.

smbldap-useradd -a -d /home/tommy -G education -s /bin/bash -M tommy -c "Tommy T." tommy
smbldap-passwd tommy

getent shadow
user:*:::0
user2:*:::0
user3:*:::3650
tommy:*:::3650

su tommy
pam_mount password:
Password aged
Enter login(LDAP) password:

auth.log
/dev/pts/5 user:tommy
Nov 26 16:47:34 it-chief su[5638]: pam_unix(su:auth): authentication failure; logname= uid=1001 euid=0 tty=/dev/pts/5 ruser=user rhost= user=tommy
Nov 26 16:47:34 it-chief su[5638]: pam_unix(su:account): expired password for user tommy (password aged)
Nov 26 16:47:34 it-chief su[5638]: pam_unix(su:chauthtok): user "tommy" does not exist in /etc/passwd
Nov 26 16:48:12 it-chief su[5638]: pam_chauthtok: Authentication token manipulation error
Nov 26 16:48:12 it-chief su[5638]: FAILED su for tommy by user

smb.conf
[global]
workgroup = WORKGROUP
server string = %h server
; wins server = w.x.y.z
dns proxy = no
; name resolve order = lmhosts host wins bcast
; interfaces = 127.0.0.0/8 eth0
; bind interfaces only = yes
log file = /var/log/samba/log.%m
max log size = 1000
syslog only = yes
syslog = 0
panic action = /usr/share/samba/panic-action %d
log level = 3 vfs:2
security = user
encrypt passwords = true
obey pam restrictions = no
; unix password sync = no
ldap passwd sync = yes
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated
pam password change = no
passdb backend = ldapsam:ldap://auth.workgroup
ldap ssl = no
ldap admin dn = cn=admin,dc=workgroup
ldap suffix = dc=workgroup
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
unix extensions = no
; domain logons = yes
; logon path = \\%N\profiles\%U
; logon drive = H:
; logon script = logon.cmd
add user script = /usr/sbin/smbldap-useradd -m "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
ldap delete dn = yes
delete user script = /usr/sbin/smbldap-userdel "%u"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

smbldap.conf
SID="S-1-5-21-482339686-3080510186-2817641028"
sambaDomain="WORKGROUP"
slaveLDAP="auth.workgroup"
slavePort="389"
masterLDAP="auth.workgroup"
masterPort="389"
ldapTLS="0"
verify="none"
suffix="dc=workgroup"
usersdn="ou=Users,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Groups,${suffix}"
idmapdn="ou=Users,${suffix}"
sambaUnixIdPooldn="sambaDomainName=WORKGROUP,${suffix}"
scope="sub"
hash_encrypt="SSHA"
crypt_salt_format="%s"
userLoginShell="/bin/bash"
userHome="/home/%U"
userHomeDirectoryMode="700"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="365"
userSmbHome="\\NAS\%U"
userProfile="\\NAS\profiles\%U"
userHomeDrive="H:"
userScript="%U.cmd"
mailDomain="workgroup"
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"

slapd.conf
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/samba.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel 256
modulepath /usr/lib/ldap
moduleload back_bdb
sizelimit 500
tool-threads 1
backend bdb
database bdb
suffix "dc=workgroup"
directory "/var/lib/ldap"
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index default sub
index uidNumber eq
index gidNumber eq
index mail,givenName eq,subinitial
index dc eq
index memberUid eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index sambaGroupType eq
index sambaSIDList eq
index uniqueMember eq
lastmod on
checkpoint 512 30
access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword
    by dn="cn=admin,dc=workgroup" write
    by a
[Samba] password expiration problem
Greetings. I have a password expiration problem that I cannot solve myself, so I am writing to this list. Recently I discovered that a newly created Samba account already has an expired password.

smbldap-useradd -a -d /home/tommy -G education -s /bin/bash -M tommy -c "Tommy T." tommy
smbldap-passwd tommy

getent shadow
user:*:::0
user2:*:::0
user3:*:::3650
tommy:*:::3650

su tommy
pam_mount password:
Password aged
Enter login(LDAP) password:

auth.log
/dev/pts/5 user:tommy
Nov 26 16:47:34 it-chief su[5638]: pam_unix(su:auth): authentication failure; logname= uid=1001 euid=0 tty=/dev/pts/5 ruser=user rhost= user=tommy
Nov 26 16:47:34 it-chief su[5638]: pam_unix(su:account): expired password for user tommy (password aged)
Nov 26 16:47:34 it-chief su[5638]: pam_unix(su:chauthtok): user "tommy" does not exist in /etc/passwd
Nov 26 16:48:12 it-chief su[5638]: pam_chauthtok: Authentication token manipulation error
Nov 26 16:48:12 it-chief su[5638]: FAILED su for tommy by user

smb.conf
[global]
workgroup = WORKGROUP
server string = %h server
; wins server = w.x.y.z
dns proxy = no
; name resolve order = lmhosts host wins bcast
; interfaces = 127.0.0.0/8 eth0
; bind interfaces only = yes
log file = /var/log/samba/log.%m
max log size = 1000
syslog only = yes
syslog = 0
panic action = /usr/share/samba/panic-action %d
log level = 3 vfs:2
security = user
encrypt passwords = true
obey pam restrictions = no
; unix password sync = no
ldap passwd sync = yes
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated
pam password change = no
passdb backend = ldapsam:ldap://auth.workgroup
ldap ssl = no
ldap admin dn = cn=admin,dc=workgroup
ldap suffix = dc=workgroup
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
unix extensions = no
; domain logons = yes
; logon path = \\%N\profiles\%U
; logon drive = H:
; logon script = logon.cmd
add user script = /usr/sbin/smbldap-useradd -m "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
ldap delete dn = yes
delete user script = /usr/sbin/smbldap-userdel "%u"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

smbldap.conf
SID="S-1-5-21-482339686-3080510186-2817641028"
sambaDomain="WORKGROUP"
slaveLDAP="auth.workgroup"
slavePort="389"
masterLDAP="auth.workgroup"
masterPort="389"
ldapTLS="0"
verify="none"
suffix="dc=workgroup"
usersdn="ou=Users,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Groups,${suffix}"
idmapdn="ou=Users,${suffix}"
sambaUnixIdPooldn="sambaDomainName=WORKGROUP,${suffix}"
scope="sub"
hash_encrypt="SSHA"
crypt_salt_format="%s"
userLoginShell="/bin/bash"
userHome="/home/%U"
userHomeDirectoryMode="700"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="365"
userSmbHome="\\NAS\%U"
userProfile="\\NAS\profiles\%U"
userHomeDrive="H:"
userScript="%U.cmd"
mailDomain="workgroup"
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"

slapd.conf
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/samba.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel 256
modulepath /usr/lib/ldap
moduleload back_bdb
sizelimit 500
tool-threads 1
backend bdb
database bdb
suffix "dc=workgroup"
directory "/var/lib/ldap"
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index default sub
index uidNumber eq
index gidNumber eq
index mail,givenName eq,subinitial
index dc eq
index memberUid eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index sambaGroupType eq
index sambaSIDList eq
index uniqueMember eq
lastmod on
checkpoint 512 30
access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword
    by dn="cn=admin,dc=workgroup"