Re: [Samba] RE: Samba 3.0.20, pam_winbind broken?
I can confirm that the problem is fixed in 3.0.22. We tested briefly today in a small maintenance window that presented itself out of immediate need, and everything worked as expected. However, I have a feeling that 3.0.23rc1 would work even better (i.e. warnings about expiring passwords before they're gone, etc). Still, since a stable version addressed the immediate need, I'll wait until 3.0.23 is released before upgrading yet again. Thanks for the help tho! :) Gerald (Jerry) Carter wrote: On Sun, 28 May 2006, Diego Rivera wrote: I'll try. However, I'm currently thinking of trying 3.0.22, which (from looking at the code) appears to also be fixed in this respect (at least, it appears to handle expired tokens more smartly). It'll be easier to sell a test that one rather than a beta (or RC). Is there an ETA on the release 3.0.23? Soon hopefully. Another few weeks I expect. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RE: Samba 3.0.20, pam_winbind broken?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: However, you seem to imply that this is a known bug, with no workaround other than a (potential) backport of code from 3.0.23rc1? A backport would be really intrusive. It's a fair amount of code. Simo's right though. I'm pretty sure this is fixed in 3.0.23rc1. If you could at least test 3.0.23rc1 and make sure it meets your needs it would be appreciated. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEeZY4IR7qMdg1EfYRAqPrAJ4nShK1hVlk1uG5CXoKIFxLWjUwlQCgj5EU R6mZhaB4cUQZxWeMwUSKXOI= =4e3H -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] RE: Samba 3.0.20, pam_winbind broken?
Hello all! I apologize for my previous post, it seems this list doesn't like GPG/GPG-MIME signatures. I'm trying to configure my linux servers to have automatic password changes happen when the passwords expire, or the AD's User must change password... checkbox is marked. I can do this fine with pam_krb5, but not with pam_winbind. I need to use pam_winbind instead of pam_krb5 because there's a requirement to use kerberos tickets to log on to the servers via SSH, and using pam_krb5 in combination with OpenSSH's GSSAPI authentication (required to allow kerberos tickets over SSH from Windows) doesn't seem to work (I sort of understand why...). So, I'm forced to use pam_winbind. So the question is: why isn't pam_winbind forcing a password change on first login or password expiry? I noticed through some experimentation that setting a new password on expiry is triggered in the account phase of pam authorization (probably through returning PAM_NEW_AUTHTOK_REQD). I experimented with pam_krb5 - the only time it wouldn't work as expected was when it wasn't used as part of the account checking phase. I even tried using nothing but pam_winbind to authorize users (temporarily locking out local unix users), and it still wouldn't work. Can anyone provide any insight? Thanks Diego -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RE: Samba 3.0.20, pam_winbind broken?
On Fri, 2006-05-26 at 12:22 -0600, [EMAIL PROTECTED] wrote: Can anyone provide any insight? Diego can you test with 3.0.23rc1 ? There has been a lot of improvements in winbindd lately and I think this one may have already been fixed. Thanks, Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RE: Samba 3.0.20, pam_winbind broken?
Unfortunately, they're all production servers. The experimentation I spoke of happened on one of those servers, in off hours while maintenance was being performed on the other 3 (so I was able to sneak the 4th one in under the closed for maintenance umbrella). However, you seem to imply that this is a known bug, with no workaround other than a (potential) backport of code from 3.0.23rc1? - Original Message - From: simo [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [Samba] RE: Samba 3.0.20, pam_winbind broken? Date: Fri, 26 May 2006 14:28:59 -0400 On Fri, 2006-05-26 at 12:22 -0600, [EMAIL PROTECTED] wrote: Can anyone provide any insight? Diego can you test with 3.0.23rc1 ? There has been a lot of improvements in winbindd lately and I think this one may have already been fixed. Thanks, Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba