[Samba] Your password expires today problem
Hi, I currently migrate an existant earlier SAMBA (Version 2.2.9) / OpenLDAP (slapd 2.2.26) configuration to SAMBA (Version 3.0.25b-0.4E.6) / OpenLDAP (slapd 2.4.11). To preserve the compatibility with my schema.v2, my new smb.conf now contains : passdb backend = ldapsam_compat:ldap://w.x.y.z:389 (where w.x.y.z is the ldap server) Simultaneously, for same reason, i kept uncommented the historical section of my samba schema.v3 on my ldap server. I can either ask my domain and ldap server, that's OK I can insert and remove machines in/from my domain, i can authenticate users too, BUT each times i've got the problem with the message : Your password expires today when connecting from microsoft windows xp-client. I' ve tried the envisageables solutions, read on this list, but so far without result : # net groupmap list [2010/04/29 10:59:05, 0] param/loadparm.c:map_parameter(2765) Unknown parameter encountered: maximum password age [2010/04/29 10:59:05, 0] param/loadparm.c:lp_do_parameter(3505) Ignoring unknown parameter maximum password age # pdbedit -P maximum password age -C 4294967294 Unknown parameter encountered: maximum password age Ignoring unknown parameter maximum password age valid account policy, but unable to fetch value! account policy maximum password age description: Maximum password age, in seconds (default: -1 = never expire passwords) account policy maximum password age value was: 4294967295 valid account policy, but unable to set value! # pdbedit -r -c [X ] -u martin Unknown parameter encountered: maximum password age Ignoring unknown parameter maximum password age Unix username:martin NT username: martin Account Flags:[UX ] ... What is wrong on my configuration? Thanks for helping. Best regards François -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Your password expires today problem
On 03/11/2010 02:04 AM, Richard Lamboj wrote: i got this Problem with Samba 3.4.6 and 3.5.1 and yes i know there is already a bug report. Your workaround doesn't work for me. Is there another solution? This don't work: pdbedit -P maximum password age -C 4294967294 I'am using LDAP. We have Upgraded from 3.2.14. The LDAP Schema Files don't have changed, or? I was told on IRC not to use pdbedit for changing the password aging information in Samba, but to instead use net sam to set policy. You should be able to set the maximum password age using the following command: # net sam policy set maximum password age 4294967294 You can set the following policy attributes this way (this is output from net sam policy list): min password length password history user must logon to change password maximum password age minimum password age lockout duration reset count minutes bad lockout attempt disconnect time refuse machine password change HTH, Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Your password expires today problem
Hello, server-p:/# net sam policy set maximum password age 4294967294 Account policy maximum password age value was: -2 Account policy maximum password age value is now: -2 Is that Output Normal? Kind Regards Original-Nachricht Datum: Thu, 11 Mar 2010 12:58:44 -0500 Von: Michael B. Trausch mike+gm...@trausch.us An: samba@lists.samba.org Betreff: Re: [Samba] Your password expires today problem On 03/11/2010 02:04 AM, Richard Lamboj wrote: i got this Problem with Samba 3.4.6 and 3.5.1 and yes i know there is already a bug report. Your workaround doesn't work for me. Is there another solution? This don't work: pdbedit -P maximum password age -C 4294967294 I'am using LDAP. We have Upgraded from 3.2.14. The LDAP Schema Files don't have changed, or? I was told on IRC not to use pdbedit for changing the password aging information in Samba, but to instead use net sam to set policy. You should be able to set the maximum password age using the following command: # net sam policy set maximum password age 4294967294 You can set the following policy attributes this way (this is output from net sam policy list): min password length password history user must logon to change password maximum password age minimum password age lockout duration reset count minutes bad lockout attempt disconnect time refuse machine password change HTH, Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT! Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01 -- GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT! Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Your password expires today problem
Hello, okay i have something forgotten. Its a 64 Bit System. So well i only could use a signed 32 bit int? Kind Regards Richi Original-Nachricht Datum: Thu, 11 Mar 2010 21:52:53 +0100 Von: Richard Lamboj richard.lam...@gmx.at An: samba@lists.samba.org Betreff: Re: [Samba] Your password expires today problem Hello, server-p:/# net sam policy set maximum password age 4294967294 Account policy maximum password age value was: -2 Account policy maximum password age value is now: -2 Is that Output Normal? Kind Regards Original-Nachricht Datum: Thu, 11 Mar 2010 12:58:44 -0500 Von: Michael B. Trausch mike+gm...@trausch.us An: samba@lists.samba.org Betreff: Re: [Samba] Your password expires today problem On 03/11/2010 02:04 AM, Richard Lamboj wrote: i got this Problem with Samba 3.4.6 and 3.5.1 and yes i know there is already a bug report. Your workaround doesn't work for me. Is there another solution? This don't work: pdbedit -P maximum password age -C 4294967294 I'am using LDAP. We have Upgraded from 3.2.14. The LDAP Schema Files don't have changed, or? I was told on IRC not to use pdbedit for changing the password aging information in Samba, but to instead use net sam to set policy. You should be able to set the maximum password age using the following command: # net sam policy set maximum password age 4294967294 You can set the following policy attributes this way (this is output from net sam policy list): min password length password history user must logon to change password maximum password age minimum password age lockout duration reset count minutes bad lockout attempt disconnect time refuse machine password change HTH, Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT! Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01 -- GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT! Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- GMX DSL: Internet, Telefon und Entertainment für nur 19,99 EUR/mtl.! http://portal.gmx.net/de/go/dsl02 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Your password expires today problem
On 03/11/2010 03:52 PM, Richard Lamboj wrote: Hello, server-p:/# net sam policy set maximum password age 4294967294 Account policy maximum password age value was: -2 Account policy maximum password age value is now: -2 Is that Output Normal? Looks like there is some wrapping going on there. Try: # net sam policy set maximum password age 4294967291 That said, I don't know why there would be wrapping. An unsigned 32-bit integer's maximum value is 4294967295, so 4294967294 (the value that you used) should be something that would fit. I don't know what would cause that to happen that way. --- Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Your password expires today problem
Good Morning, Its definitly a signed 32 bit int: net sam policy set maximum password age 4294967291 Account policy maximum password age value was: -1 Account policy maximum password age value is now: -5 Does not work: net sam policy set maximum password age never Account policy maximum password age value was: 2147483647 Account policy maximum password age value is now: -1 Does also not work: net sam policy set maximum password age 2147483647 Account policy maximum password age value was: -5 Account policy maximum password age value is now: 2147483647 So when i'am using never it will be set to -1, so it must be a signed integer and this has a maximal value of 2147483647. Napalm and a new Job on the Beach could be the Solution... King Regards Richi Am Friday 12 March 2010 02:14:10 schrieb Michael B. Trausch: On 03/11/2010 03:52 PM, Richard Lamboj wrote: Hello, server-p:/# net sam policy set maximum password age 4294967294 Account policy maximum password age value was: -2 Account policy maximum password age value is now: -2 Is that Output Normal? Looks like there is some wrapping going on there. Try: # net sam policy set maximum password age 4294967291 That said, I don't know why there would be wrapping. An unsigned 32-bit integer's maximum value is 4294967295, so 4294967294 (the value that you used) should be something that would fit. I don't know what would cause that to happen that way. --- Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Your password expires today problem
Hello, i got this Problem with Samba 3.4.6 and 3.5.1 and yes i know there is already a bug report. Your workaround doesn't work for me. Is there another solution? This don't work: pdbedit -P maximum password age -C 4294967294 I'am using LDAP. We have Upgraded from 3.2.14. The LDAP Schema Files don't have changed, or? Kind Regards Richi Original-Nachricht Datum: Mon, 01 Mar 2010 12:49:28 +0100 Von: Martin Schmidt martin.schm...@uni-wuerzburg.de An: Marcelo Terres mhter...@gmail.com CC: samba@lists.samba.org Betreff: Re: [Samba] Your password expires today problem Am 26.02.2010 14:51, schrieb Marcelo Terres: Let me understand. On Fri, Feb 26, 2010 at 6:52 AM, Martin Schmidt martin.schm...@uni-wuerzburg.de mailto:martin.schm...@uni-wuerzburg.de wrote: hi again, in my case it works now after setting the maximum password age to a point far in future, but not to never. So this works: pdbedit -P maximum password age -C 4294967294 This way, the message stops ? see below. but this not: pdbedit -P maximum password age -C -1 I have also re-disabled the users account control property Password does not expire using pdbedit -r -c [] test Unix username:test NT username: Account Flags:[U ] User SID: S-1-5-21-1200361472-1041780773-253280391-2648 Primary Group SID:S-1-5-21-1200361472-1041780773-253280391-513 Full Name: Home Directory: \\fecenter\test HomeDir Drive:Q: Logon Script:Profile Path: \\fecenter\profiles\test Domain: LSFE Account desc:Workstations:Munged dial: Logon time: 0 Logoff time: never Kickoff time: never Password last set:Thu, 25 Feb 2010 10:35:29 CET Password can change: Thu, 25 Feb 2010 10:35:29 CET Password must change: Sun, 03 Apr 2146 18:03:43 CEST Last bad password : 0 Bad password count : 0 Logon hours : FF I could have hit on it in a moment! Disabling this policy the message stop too ? I'm not sure what stoped the message eventually. But I think the first one, the second procedure was only to undo my changes I have done while testing. Regards, Martin Regards , regards, Martin Martin Schmidt schrieb: hi, I tried pdbedit -P maximum password age -C -1, but with no effect. pdbedit -r -c [X] test and retyping the password via smbpasswd test had also no effect, curiously pdbedit -v test gives following: Unix username:test NT username: Account Flags:[UX ] User SID: S-1-5-21-1200361472-1041780773-253280391-2648 Primary Group SID: S-1-5-21-1200361472-1041780773-253280391-513 Full Name: Home Directory: \\fecenter\test HomeDir Drive:Q: Logon Script:Profile Path: \\fecenter\profiles\test Domain: LSFE Account desc:Workstations:Munged dial: Logon time: 0 Logoff time: never Kickoff time: never Password last set:Thu, 25 Feb 2010 09:47:06 CET Password can change: Thu, 25 Feb 2010 09:47:06 CET Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FF regards, Martin Gaiseric Vandal schrieb: We had a few users with the same problem when we moved the password backend from tdb to ldap.The following command seem to fix it. pdbedit -P maximum password age -C -1 On 02/24/2010 04:25 PM, Marcelo Terres wrote: Samba 3.0.24 doesn't have the problem, maybe because it doesn't support the policies domain account (configured with pdbedit). This feature starts in 3.0.25 and the problems with password expiration starts in the version either. Regards, Marcelo H. Terres mhter...@gmail.com mailto:mhter...@gmail.com ICQ: 6649932 MSN: mhter...@hotmail.com mailto:mhter...@hotmail.com Jabber: mhter...@jabber.org mailto:mhter...@jabber.org http://twitter.com/mhterres http://identi.ca/mhterres
Re: [Samba] Your password expires today problem
Am 26.02.2010 14:51, schrieb Marcelo Terres: Let me understand. On Fri, Feb 26, 2010 at 6:52 AM, Martin Schmidt martin.schm...@uni-wuerzburg.de mailto:martin.schm...@uni-wuerzburg.de wrote: hi again, in my case it works now after setting the maximum password age to a point far in future, but not to never. So this works: pdbedit -P maximum password age -C 4294967294 This way, the message stops ? see below. but this not: pdbedit -P maximum password age -C -1 I have also re-disabled the users account control property Password does not expire using pdbedit -r -c [] test Unix username:test NT username: Account Flags:[U ] User SID: S-1-5-21-1200361472-1041780773-253280391-2648 Primary Group SID:S-1-5-21-1200361472-1041780773-253280391-513 Full Name: Home Directory: \\fecenter\test HomeDir Drive:Q: Logon Script:Profile Path: \\fecenter\profiles\test Domain: LSFE Account desc:Workstations:Munged dial: Logon time: 0 Logoff time: never Kickoff time: never Password last set:Thu, 25 Feb 2010 10:35:29 CET Password can change: Thu, 25 Feb 2010 10:35:29 CET Password must change: Sun, 03 Apr 2146 18:03:43 CEST Last bad password : 0 Bad password count : 0 Logon hours : FF I could have hit on it in a moment! Disabling this policy the message stop too ? I'm not sure what stoped the message eventually. But I think the first one, the second procedure was only to undo my changes I have done while testing. Regards, Martin Regards , regards, Martin Martin Schmidt schrieb: hi, I tried pdbedit -P maximum password age -C -1, but with no effect. pdbedit -r -c [X] test and retyping the password via smbpasswd test had also no effect, curiously pdbedit -v test gives following: Unix username:test NT username: Account Flags:[UX ] User SID: S-1-5-21-1200361472-1041780773-253280391-2648 Primary Group SID:S-1-5-21-1200361472-1041780773-253280391-513 Full Name: Home Directory: \\fecenter\test HomeDir Drive:Q: Logon Script:Profile Path: \\fecenter\profiles\test Domain: LSFE Account desc:Workstations:Munged dial: Logon time: 0 Logoff time: never Kickoff time: never Password last set:Thu, 25 Feb 2010 09:47:06 CET Password can change: Thu, 25 Feb 2010 09:47:06 CET Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FF regards, Martin Gaiseric Vandal schrieb: We had a few users with the same problem when we moved the password backend from tdb to ldap.The following command seem to fix it. pdbedit -P maximum password age -C -1 On 02/24/2010 04:25 PM, Marcelo Terres wrote: Samba 3.0.24 doesn't have the problem, maybe because it doesn't support the policies domain account (configured with pdbedit). This feature starts in 3.0.25 and the problems with password expiration starts in the version either. Regards, Marcelo H. Terres mhter...@gmail.com mailto:mhter...@gmail.com ICQ: 6649932 MSN: mhter...@hotmail.com mailto:mhter...@hotmail.com Jabber: mhter...@jabber.org mailto:mhter...@jabber.org http://twitter.com/mhterres http://identi.ca/mhterres http://mundoopensource.blogspot.com/ http://www.propus.com.br Sent from Porto Alegre, RS, Brazil On Wed, Feb 24, 2010 at 2:38 PM, Martin Schmidt martin.schm...@uni-wuerzburg.de mailto:martin.schm...@uni-wuerzburg.de wrote: Hi, I have a very similiar problem, but the story is an other: I migrated from sles 10 sp2 samba 3.0.24 to ubuntu 9.10 server samba 3.4.3 (pdc). The user-accounts were moved following this instruction: http://www.cyberciti.biz/faq/howto-move-migrate-user-accounts-old-to-new-server/.
Re: [Samba] Your password expires today problem
hi again, in my case it works now after setting the maximum password age to a point far in future, but not to never. So this works: pdbedit -P maximum password age -C 4294967294 but this not: pdbedit -P maximum password age -C -1 I have also re-disabled the users account control property Password does not expire using pdbedit -r -c [] test Unix username:test NT username: Account Flags:[U ] User SID: S-1-5-21-1200361472-1041780773-253280391-2648 Primary Group SID:S-1-5-21-1200361472-1041780773-253280391-513 Full Name: Home Directory: \\fecenter\test HomeDir Drive:Q: Logon Script: Profile Path: \\fecenter\profiles\test Domain: LSFE Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: never Kickoff time: never Password last set:Thu, 25 Feb 2010 10:35:29 CET Password can change: Thu, 25 Feb 2010 10:35:29 CET Password must change: Sun, 03 Apr 2146 18:03:43 CEST Last bad password : 0 Bad password count : 0 Logon hours : FF I could have hit on it in a moment! regards, Martin Martin Schmidt schrieb: hi, I tried pdbedit -P maximum password age -C -1, but with no effect. pdbedit -r -c [X] test and retyping the password via smbpasswd test had also no effect, curiously pdbedit -v test gives following: Unix username:test NT username: Account Flags:[UX ] User SID: S-1-5-21-1200361472-1041780773-253280391-2648 Primary Group SID:S-1-5-21-1200361472-1041780773-253280391-513 Full Name: Home Directory: \\fecenter\test HomeDir Drive:Q: Logon Script:Profile Path: \\fecenter\profiles\test Domain: LSFE Account desc:Workstations:Munged dial: Logon time: 0 Logoff time: never Kickoff time: never Password last set:Thu, 25 Feb 2010 09:47:06 CET Password can change: Thu, 25 Feb 2010 09:47:06 CET Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FF regards, Martin Gaiseric Vandal schrieb: We had a few users with the same problem when we moved the password backend from tdb to ldap.The following command seem to fix it. pdbedit -P maximum password age -C -1 On 02/24/2010 04:25 PM, Marcelo Terres wrote: Samba 3.0.24 doesn't have the problem, maybe because it doesn't support the policies domain account (configured with pdbedit). This feature starts in 3.0.25 and the problems with password expiration starts in the version either. Regards, Marcelo H. Terres mhter...@gmail.com ICQ: 6649932 MSN: mhter...@hotmail.com Jabber: mhter...@jabber.org http://twitter.com/mhterres http://identi.ca/mhterres http://mundoopensource.blogspot.com/ http://www.propus.com.br Sent from Porto Alegre, RS, Brazil On Wed, Feb 24, 2010 at 2:38 PM, Martin Schmidt martin.schm...@uni-wuerzburg.de wrote: Hi, I have a very similiar problem, but the story is an other: I migrated from sles 10 sp2 samba 3.0.24 to ubuntu 9.10 server samba 3.4.3 (pdc). The user-accounts were moved following this instruction: http://www.cyberciti.biz/faq/howto-move-migrate-user-accounts-old-to-new-server/. When some user now try to login to the domain from a xp-client following message appears at every login: Your Windows password has expired and must be changed. You must change your password now! The user can change the password and everything works fine. But at next login the same story. This happens only to some of the old users and to all users created after migration. Any idea what could be the reason for this? I already searched a lot but didn't find something like this. Thanks for any info. Regards, Martin Dipl.- Geogr. Martin Schmidt Würzburg University Department of Geography Remote Sensing Unit German Remote Sensing Data Center (DFD) at German Aerospace Center (DLR) Oberpfaffenhofen Am Hubland 97074 Würzburg phone: +49 (931) 31-88179 fax: +49 (931) 888-5544 eMail: martin.schm...@uni-wuerzburg.de Here my smb.conf: [global] #log file = /var/log/samba.%m smb ports = 139 445 #root = administrator #DOMAIN ADMINS = root, administrator #Allgemeine Einstellungen-- #Workgroup netbios name = XXX #netbios aliases = XXX server string = XXX workgroup = XXX guest account = XXX #-Sicherheit-- #Nur Subnetz FE zulassen hosts deny = XXX hosts allow = XXX #Nur die Ethernet Karte 0 und Loopback zulassen interfaces = eth0 lo bind interfaces only
Re: [Samba] Your password expires today problem
Let me understand. On Fri, Feb 26, 2010 at 6:52 AM, Martin Schmidt martin.schm...@uni-wuerzburg.de wrote: hi again, in my case it works now after setting the maximum password age to a point far in future, but not to never. So this works: pdbedit -P maximum password age -C 4294967294 This way, the message stops ? but this not: pdbedit -P maximum password age -C -1 I have also re-disabled the users account control property Password does not expire using pdbedit -r -c [] test Unix username:test NT username: Account Flags:[U ] User SID: S-1-5-21-1200361472-1041780773-253280391-2648 Primary Group SID:S-1-5-21-1200361472-1041780773-253280391-513 Full Name: Home Directory: \\fecenter\test HomeDir Drive:Q: Logon Script:Profile Path: \\fecenter\profiles\test Domain: LSFE Account desc:Workstations:Munged dial: Logon time: 0 Logoff time: never Kickoff time: never Password last set:Thu, 25 Feb 2010 10:35:29 CET Password can change: Thu, 25 Feb 2010 10:35:29 CET Password must change: Sun, 03 Apr 2146 18:03:43 CEST Last bad password : 0 Bad password count : 0 Logon hours : FF I could have hit on it in a moment! Disabling this policy the message stop too ? Regards , regards, Martin Martin Schmidt schrieb: hi, I tried pdbedit -P maximum password age -C -1, but with no effect. pdbedit -r -c [X] test and retyping the password via smbpasswd test had also no effect, curiously pdbedit -v test gives following: Unix username:test NT username: Account Flags:[UX ] User SID: S-1-5-21-1200361472-1041780773-253280391-2648 Primary Group SID:S-1-5-21-1200361472-1041780773-253280391-513 Full Name: Home Directory: \\fecenter\test HomeDir Drive:Q: Logon Script:Profile Path: \\fecenter\profiles\test Domain: LSFE Account desc:Workstations:Munged dial: Logon time: 0 Logoff time: never Kickoff time: never Password last set:Thu, 25 Feb 2010 09:47:06 CET Password can change: Thu, 25 Feb 2010 09:47:06 CET Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FF regards, Martin Gaiseric Vandal schrieb: We had a few users with the same problem when we moved the password backend from tdb to ldap.The following command seem to fix it. pdbedit -P maximum password age -C -1 On 02/24/2010 04:25 PM, Marcelo Terres wrote: Samba 3.0.24 doesn't have the problem, maybe because it doesn't support the policies domain account (configured with pdbedit). This feature starts in 3.0.25 and the problems with password expiration starts in the version either. Regards, Marcelo H. Terres mhter...@gmail.com ICQ: 6649932 MSN: mhter...@hotmail.com Jabber: mhter...@jabber.org http://twitter.com/mhterres http://identi.ca/mhterres http://mundoopensource.blogspot.com/ http://www.propus.com.br Sent from Porto Alegre, RS, Brazil On Wed, Feb 24, 2010 at 2:38 PM, Martin Schmidt martin.schm...@uni-wuerzburg.de wrote: Hi, I have a very similiar problem, but the story is an other: I migrated from sles 10 sp2 samba 3.0.24 to ubuntu 9.10 server samba 3.4.3 (pdc). The user-accounts were moved following this instruction: http://www.cyberciti.biz/faq/howto-move-migrate-user-accounts-old-to-new-server/. When some user now try to login to the domain from a xp-client following message appears at every login: Your Windows password has expired and must be changed. You must change your password now! The user can change the password and everything works fine. But at next login the same story. This happens only to some of the old users and to all users created after migration. Any idea what could be the reason for this? I already searched a lot but didn't find something like this. Thanks for any info. Regards, Martin Dipl.- Geogr. Martin Schmidt Würzburg University Department of Geography Remote Sensing Unit German Remote Sensing Data Center (DFD) at German Aerospace Center (DLR) Oberpfaffenhofen Am Hubland 97074 Würzburg phone: +49 (931) 31-88179 fax: +49 (931) 888-5544 eMail: martin.schm...@uni-wuerzburg.de Here my smb.conf: [global] #log file = /var/log/samba.%m smb ports = 139 445 #root = administrator #DOMAIN ADMINS = root, administrator #Allgemeine Einstellungen-- #Workgroup netbios name = XXX #netbios aliases = XXX server string = XXX
Re: [Samba] Your password expires today problem
hi, I tried pdbedit -P maximum password age -C -1, but with no effect. pdbedit -r -c [X] test and retyping the password via smbpasswd test had also no effect, curiously pdbedit -v test gives following: Unix username:test NT username: Account Flags:[UX ] User SID: S-1-5-21-1200361472-1041780773-253280391-2648 Primary Group SID:S-1-5-21-1200361472-1041780773-253280391-513 Full Name: Home Directory: \\fecenter\test HomeDir Drive:Q: Logon Script: Profile Path: \\fecenter\profiles\test Domain: LSFE Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: never Kickoff time: never Password last set:Thu, 25 Feb 2010 09:47:06 CET Password can change: Thu, 25 Feb 2010 09:47:06 CET Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FF regards, Martin Gaiseric Vandal schrieb: We had a few users with the same problem when we moved the password backend from tdb to ldap.The following command seem to fix it. pdbedit -P maximum password age -C -1 On 02/24/2010 04:25 PM, Marcelo Terres wrote: Samba 3.0.24 doesn't have the problem, maybe because it doesn't support the policies domain account (configured with pdbedit). This feature starts in 3.0.25 and the problems with password expiration starts in the version either. Regards, Marcelo H. Terres mhter...@gmail.com ICQ: 6649932 MSN: mhter...@hotmail.com Jabber: mhter...@jabber.org http://twitter.com/mhterres http://identi.ca/mhterres http://mundoopensource.blogspot.com/ http://www.propus.com.br Sent from Porto Alegre, RS, Brazil On Wed, Feb 24, 2010 at 2:38 PM, Martin Schmidt martin.schm...@uni-wuerzburg.de wrote: Hi, I have a very similiar problem, but the story is an other: I migrated from sles 10 sp2 samba 3.0.24 to ubuntu 9.10 server samba 3.4.3 (pdc). The user-accounts were moved following this instruction: http://www.cyberciti.biz/faq/howto-move-migrate-user-accounts-old-to-new-server/. When some user now try to login to the domain from a xp-client following message appears at every login: Your Windows password has expired and must be changed. You must change your password now! The user can change the password and everything works fine. But at next login the same story. This happens only to some of the old users and to all users created after migration. Any idea what could be the reason for this? I already searched a lot but didn't find something like this. Thanks for any info. Regards, Martin Dipl.- Geogr. Martin Schmidt Würzburg University Department of Geography Remote Sensing Unit German Remote Sensing Data Center (DFD) at German Aerospace Center (DLR) Oberpfaffenhofen Am Hubland 97074 Würzburg phone: +49 (931) 31-88179 fax: +49 (931) 888-5544 eMail: martin.schm...@uni-wuerzburg.de Here my smb.conf: [global] #log file = /var/log/samba.%m smb ports = 139 445 #root = administrator #DOMAIN ADMINS = root, administrator #Allgemeine Einstellungen-- #Workgroup netbios name = XXX #netbios aliases = XXX server string = XXX workgroup = XXX guest account = XXX #-Sicherheit-- #Nur Subnetz FE zulassen hosts deny = XXX hosts allow = XXX #Nur die Ethernet Karte 0 und Loopback zulassen interfaces = eth0 lo bind interfaces only = yes #Unbekannt Nutzer rejecten #map to guest = Never #Zugriff auf benutzerdefinierte Freigaben nicht erlauben #usershare allow guests = No #Kommunikation der Clients mit Samba auf User Ebene #Passwort - Backend #passdb backend = tdbsam:/etc/samba/passdb.tdb passdb backend= smbpasswd security = user encrypt passwords = true smb passwd file = /etc/samba/smbpasswd passwd program = /usr/bin/smbpasswd %u unix password sync = false obey pam restrictions = yes #Fuer bestimmte Nutzer gibts extra smb.conf Dateien config file = /etc/samba/smb.conf.%U # Roaming Profiles - #Antworten auf WIN98/95 Anfragen domain logons = Yes logon path = \\%L\profiles\%U logon drive = Q: #logon script = logon.cmd # Browsing und Domain Master (PDC) - #wins support = Yes #wins server = XXX #wins proxy = yes #PDC im Subnetz domain master = Yes local master = Yes preferred master = Yes os level = 65 #client-side caching policy #csc policy = disable #Benutzerverwaltung- #Hinzufuegen einer
Re: [Samba] Your password expires today problem
In out case, we need to set the maximum password age. Regards, Marcelo H. Terres mhter...@gmail.com ICQ: 6649932 MSN: mhter...@hotmail.com Jabber: mhter...@jabber.org http://twitter.com/mhterres http://identi.ca/mhterres http://mundoopensource.blogspot.com/ http://www.propus.com.br On Wed, Feb 24, 2010 at 6:36 PM, Gaiseric Vandal gaiseric.van...@gmail.comwrote: We had a few users with the same problem when we moved the password backend from tdb to ldap.The following command seem to fix it. pdbedit -P maximum password age -C -1 On 02/24/2010 04:25 PM, Marcelo Terres wrote: Samba 3.0.24 doesn't have the problem, maybe because it doesn't support the policies domain account (configured with pdbedit). This feature starts in 3.0.25 and the problems with password expiration starts in the version either. Regards, Marcelo H. Terres mhter...@gmail.com ICQ: 6649932 MSN: mhter...@hotmail.com Jabber: mhter...@jabber.org http://twitter.com/mhterres http://identi.ca/mhterres http://mundoopensource.blogspot.com/ http://www.propus.com.br Sent from Porto Alegre, RS, Brazil On Wed, Feb 24, 2010 at 2:38 PM, Martin Schmidt martin.schm...@uni-wuerzburg.de wrote: Hi, I have a very similiar problem, but the story is an other: I migrated from sles 10 sp2 samba 3.0.24 to ubuntu 9.10 server samba 3.4.3 (pdc). The user-accounts were moved following this instruction: http://www.cyberciti.biz/faq/howto-move-migrate-user-accounts-old-to-new-server/ . When some user now try to login to the domain from a xp-client following message appears at every login: Your Windows password has expired and must be changed. You must change your password now! The user can change the password and everything works fine. But at next login the same story. This happens only to some of the old users and to all users created after migration. Any idea what could be the reason for this? I already searched a lot but didn't find something like this. Thanks for any info. Regards, Martin Dipl.- Geogr. Martin Schmidt Würzburg University Department of Geography Remote Sensing Unit German Remote Sensing Data Center (DFD) at German Aerospace Center (DLR) Oberpfaffenhofen Am Hubland 97074 Würzburg phone: +49 (931) 31-88179 fax: +49 (931) 888-5544 eMail: martin.schm...@uni-wuerzburg.de Here my smb.conf: [global] #log file = /var/log/samba.%m smb ports = 139 445 #root = administrator #DOMAIN ADMINS = root, administrator #Allgemeine Einstellungen-- #Workgroup netbios name = XXX #netbios aliases = XXX server string = XXX workgroup = XXX guest account = XXX #-Sicherheit-- #Nur Subnetz FE zulassen hosts deny = XXX hosts allow = XXX #Nur die Ethernet Karte 0 und Loopback zulassen interfaces = eth0 lo bind interfaces only = yes #Unbekannt Nutzer rejecten #map to guest = Never #Zugriff auf benutzerdefinierte Freigaben nicht erlauben #usershare allow guests = No #Kommunikation der Clients mit Samba auf User Ebene #Passwort - Backend #passdb backend = tdbsam:/etc/samba/passdb.tdb passdb backend= smbpasswd security = user encrypt passwords = true smb passwd file = /etc/samba/smbpasswd passwd program = /usr/bin/smbpasswd %u unix password sync = false obey pam restrictions = yes #Fuer bestimmte Nutzer gibts extra smb.conf Dateien config file = /etc/samba/smb.conf.%U # Roaming Profiles - #Antworten auf WIN98/95 Anfragen domain logons = Yes logon path = \\%L\profiles\%U logon drive = Q: #logon script = logon.cmd # Browsing und Domain Master (PDC) - #wins support = Yes #wins server = XXX #wins proxy = yes #PDC im Subnetz domain master = Yes local master = Yes preferred master = Yes os level = 65 #client-side caching policy #csc policy = disable #Benutzerverwaltung- #Hinzufuegen einer Maschine ueber die Methode Benutzername/Passwort #add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$ #---Drucker load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes #Tuning- socket options = TCP_NODELAY IPTOS_LOWDELAY #Zeit zur Unterbrechung der Verbindung Server-Client bei Verlust des Clients deadtime = 10 #getwd
Re: [Samba] Your password expires today problem
Hi, I have a very similiar problem, but the story is an other: I migrated from sles 10 sp2 samba 3.0.24 to ubuntu 9.10 server samba 3.4.3 (pdc). The user-accounts were moved following this instruction: http://www.cyberciti.biz/faq/howto-move-migrate-user-accounts-old-to-new-server/. When some user now try to login to the domain from a xp-client following message appears at every login: Your Windows password has expired and must be changed. You must change your password now! The user can change the password and everything works fine. But at next login the same story. This happens only to some of the old users and to all users created after migration. Any idea what could be the reason for this? I already searched a lot but didn't find something like this. Thanks for any info. Regards, Martin Dipl.- Geogr. Martin Schmidt Würzburg University Department of Geography Remote Sensing Unit German Remote Sensing Data Center (DFD) at German Aerospace Center (DLR) Oberpfaffenhofen Am Hubland 97074 Würzburg phone: +49 (931) 31-88179 fax: +49 (931) 888-5544 eMail: martin.schm...@uni-wuerzburg.de Here my smb.conf: [global] #log file = /var/log/samba.%m smb ports = 139 445 #root = administrator #DOMAIN ADMINS = root, administrator #Allgemeine Einstellungen-- #Workgroup netbios name = XXX #netbios aliases = XXX server string = XXX workgroup = XXX guest account = XXX #-Sicherheit-- #Nur Subnetz FE zulassen hosts deny = XXX hosts allow = XXX #Nur die Ethernet Karte 0 und Loopback zulassen interfaces = eth0 lo bind interfaces only = yes #Unbekannt Nutzer rejecten #map to guest = Never #Zugriff auf benutzerdefinierte Freigaben nicht erlauben #usershare allow guests = No #Kommunikation der Clients mit Samba auf User Ebene #Passwort - Backend #passdb backend = tdbsam:/etc/samba/passdb.tdb passdb backend= smbpasswd security = user encrypt passwords = true smb passwd file = /etc/samba/smbpasswd passwd program = /usr/bin/smbpasswd %u unix password sync = false obey pam restrictions = yes #Fuer bestimmte Nutzer gibts extra smb.conf Dateien config file = /etc/samba/smb.conf.%U # Roaming Profiles - #Antworten auf WIN98/95 Anfragen domain logons = Yes logon path = \\%L\profiles\%U logon drive = Q: #logon script = logon.cmd # Browsing und Domain Master (PDC) - #wins support = Yes #wins server = XXX #wins proxy = yes #PDC im Subnetz domain master = Yes local master = Yes preferred master = Yes os level = 65 #client-side caching policy #csc policy = disable #Benutzerverwaltung- #Hinzufuegen einer Maschine ueber die Methode Benutzername/Passwort #add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$ #---Drucker load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes #Tuning- socket options = TCP_NODELAY IPTOS_LOWDELAY #Zeit zur Unterbrechung der Verbindung Server-Client bei Verlust des Clients deadtime = 10 #getwd cache = yes #kernel oplocks = no ldap suffix = log level = 1 #Sonstiger Mist #include = /etc/samba/dhcp.conf dos charset = CP850 display charset = ISO8859-1 unix charset = ISO8859-1 #oplock break wait time = 20 #oplocks = no #kernel oplocks = no # Zeit-Server -- time server = true ### # Anmeldung Freigaben # ### [homes] comment = Home Directories valid users = %S, %D%w%S browseable = No read only = No inherit acls = Yes create mask = 0664 directory mask = 0775 [profiles] comment = Network Profiles Service path = /home/samba/windowsprofiles hide files = /desktop.ini/ read only = No browseable = No guest ok = Yes writable = Yes printable = No store dos attributes = Yes create mask = 0700 directory mask = 0700 [netlogon] comment = Network Logon Service2 path = /home/samba/netlogon/%g guest ok = Yes browseable = No read only = No writable = Yes ### # Freigaben ### ### ... Marcelo Terres schrieb: Hi. I enabled policies with pdbedit. Password must be changed every 90 days and must contain at least 8
Re: [Samba] Your password expires today problem
Samba 3.0.24 doesn't have the problem, maybe because it doesn't support the policies domain account (configured with pdbedit). This feature starts in 3.0.25 and the problems with password expiration starts in the version either. Regards, Marcelo H. Terres mhter...@gmail.com ICQ: 6649932 MSN: mhter...@hotmail.com Jabber: mhter...@jabber.org http://twitter.com/mhterres http://identi.ca/mhterres http://mundoopensource.blogspot.com/ http://www.propus.com.br Sent from Porto Alegre, RS, Brazil On Wed, Feb 24, 2010 at 2:38 PM, Martin Schmidt martin.schm...@uni-wuerzburg.de wrote: Hi, I have a very similiar problem, but the story is an other: I migrated from sles 10 sp2 samba 3.0.24 to ubuntu 9.10 server samba 3.4.3 (pdc). The user-accounts were moved following this instruction: http://www.cyberciti.biz/faq/howto-move-migrate-user-accounts-old-to-new-server/. When some user now try to login to the domain from a xp-client following message appears at every login: Your Windows password has expired and must be changed. You must change your password now! The user can change the password and everything works fine. But at next login the same story. This happens only to some of the old users and to all users created after migration. Any idea what could be the reason for this? I already searched a lot but didn't find something like this. Thanks for any info. Regards, Martin Dipl.- Geogr. Martin Schmidt Würzburg University Department of Geography Remote Sensing Unit German Remote Sensing Data Center (DFD) at German Aerospace Center (DLR) Oberpfaffenhofen Am Hubland 97074 Würzburg phone: +49 (931) 31-88179 fax: +49 (931) 888-5544 eMail: martin.schm...@uni-wuerzburg.de Here my smb.conf: [global] #log file = /var/log/samba.%m smb ports = 139 445 #root = administrator #DOMAIN ADMINS = root, administrator #Allgemeine Einstellungen-- #Workgroup netbios name = XXX #netbios aliases = XXX server string = XXX workgroup = XXX guest account = XXX #-Sicherheit-- #Nur Subnetz FE zulassen hosts deny = XXX hosts allow = XXX #Nur die Ethernet Karte 0 und Loopback zulassen interfaces = eth0 lo bind interfaces only = yes #Unbekannt Nutzer rejecten #map to guest = Never #Zugriff auf benutzerdefinierte Freigaben nicht erlauben #usershare allow guests = No #Kommunikation der Clients mit Samba auf User Ebene #Passwort - Backend #passdb backend = tdbsam:/etc/samba/passdb.tdb passdb backend= smbpasswd security = user encrypt passwords = true smb passwd file = /etc/samba/smbpasswd passwd program = /usr/bin/smbpasswd %u unix password sync = false obey pam restrictions = yes #Fuer bestimmte Nutzer gibts extra smb.conf Dateien config file = /etc/samba/smb.conf.%U # Roaming Profiles - #Antworten auf WIN98/95 Anfragen domain logons = Yes logon path = \\%L\profiles\%U logon drive = Q: #logon script = logon.cmd # Browsing und Domain Master (PDC) - #wins support = Yes #wins server = XXX #wins proxy = yes #PDC im Subnetz domain master = Yes local master = Yes preferred master = Yes os level = 65 #client-side caching policy #csc policy = disable #Benutzerverwaltung- #Hinzufuegen einer Maschine ueber die Methode Benutzername/Passwort #add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$ #---Drucker load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes #Tuning- socket options = TCP_NODELAY IPTOS_LOWDELAY #Zeit zur Unterbrechung der Verbindung Server-Client bei Verlust des Clients deadtime = 10 #getwd cache = yes #kernel oplocks = no ldap suffix = log level = 1 #Sonstiger Mist #include = /etc/samba/dhcp.conf dos charset = CP850 display charset = ISO8859-1 unix charset = ISO8859-1 #oplock break wait time = 20 #oplocks = no #kernel oplocks = no # Zeit-Server -- time server = true ### # Anmeldung Freigaben # ### [homes] comment = Home Directories valid users = %S, %D%w%S browseable = No read only = No inherit acls = Yes create mask = 0664 directory mask = 0775 [profiles] comment = Network Profiles Service
Re: [Samba] Your password expires today problem
We had a few users with the same problem when we moved the password backend from tdb to ldap.The following command seem to fix it. pdbedit -P maximum password age -C -1 On 02/24/2010 04:25 PM, Marcelo Terres wrote: Samba 3.0.24 doesn't have the problem, maybe because it doesn't support the policies domain account (configured with pdbedit). This feature starts in 3.0.25 and the problems with password expiration starts in the version either. Regards, Marcelo H. Terres mhter...@gmail.com ICQ: 6649932 MSN: mhter...@hotmail.com Jabber: mhter...@jabber.org http://twitter.com/mhterres http://identi.ca/mhterres http://mundoopensource.blogspot.com/ http://www.propus.com.br Sent from Porto Alegre, RS, Brazil On Wed, Feb 24, 2010 at 2:38 PM, Martin Schmidt martin.schm...@uni-wuerzburg.de wrote: Hi, I have a very similiar problem, but the story is an other: I migrated from sles 10 sp2 samba 3.0.24 to ubuntu 9.10 server samba 3.4.3 (pdc). The user-accounts were moved following this instruction: http://www.cyberciti.biz/faq/howto-move-migrate-user-accounts-old-to-new-server/. When some user now try to login to the domain from a xp-client following message appears at every login: Your Windows password has expired and must be changed. You must change your password now! The user can change the password and everything works fine. But at next login the same story. This happens only to some of the old users and to all users created after migration. Any idea what could be the reason for this? I already searched a lot but didn't find something like this. Thanks for any info. Regards, Martin Dipl.- Geogr. Martin Schmidt Würzburg University Department of Geography Remote Sensing Unit German Remote Sensing Data Center (DFD) at German Aerospace Center (DLR) Oberpfaffenhofen Am Hubland 97074 Würzburg phone: +49 (931) 31-88179 fax: +49 (931) 888-5544 eMail: martin.schm...@uni-wuerzburg.de Here my smb.conf: [global] #log file = /var/log/samba.%m smb ports = 139 445 #root = administrator #DOMAIN ADMINS = root, administrator #Allgemeine Einstellungen-- #Workgroup netbios name = XXX #netbios aliases = XXX server string = XXX workgroup = XXX guest account = XXX #-Sicherheit-- #Nur Subnetz FE zulassen hosts deny = XXX hosts allow = XXX #Nur die Ethernet Karte 0 und Loopback zulassen interfaces = eth0 lo bind interfaces only = yes #Unbekannt Nutzer rejecten #map to guest = Never #Zugriff auf benutzerdefinierte Freigaben nicht erlauben #usershare allow guests = No #Kommunikation der Clients mit Samba auf User Ebene #Passwort - Backend #passdb backend = tdbsam:/etc/samba/passdb.tdb passdb backend= smbpasswd security = user encrypt passwords = true smb passwd file = /etc/samba/smbpasswd passwd program = /usr/bin/smbpasswd %u unix password sync = false obey pam restrictions = yes #Fuer bestimmte Nutzer gibts extra smb.conf Dateien config file = /etc/samba/smb.conf.%U # Roaming Profiles - #Antworten auf WIN98/95 Anfragen domain logons = Yes logon path = \\%L\profiles\%U logon drive = Q: #logon script = logon.cmd # Browsing und Domain Master (PDC) - #wins support = Yes #wins server = XXX #wins proxy = yes #PDC im Subnetz domain master = Yes local master = Yes preferred master = Yes os level = 65 #client-side caching policy #csc policy = disable #Benutzerverwaltung- #Hinzufuegen einer Maschine ueber die Methode Benutzername/Passwort #add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$ #---Drucker load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes #Tuning- socket options = TCP_NODELAY IPTOS_LOWDELAY #Zeit zur Unterbrechung der Verbindung Server-Client bei Verlust des Clients deadtime = 10 #getwd cache = yes #kernel oplocks = no ldap suffix = log level = 1 #Sonstiger Mist #include = /etc/samba/dhcp.conf dos charset = CP850 display charset = ISO8859-1 unix charset = ISO8859-1 #oplock break wait time = 20 #oplocks = no #kernel oplocks = no # Zeit-Server -- time server = true ### # Anmeldung Freigaben # ### [homes] comment = Home
[Samba] Your password expires today problem
Hi. I enabled policies with pdbedit. Password must be changed every 90 days and must contain at least 8 characters. I enabled password history too. After that (I tried it in samba 3.4.3 and 3.0.25 with same behaviour) every time a user try to log in the domain using Windows receives a Your password expires today. Do you want to change it now ? message box. If the password is changed, the message appear again next time the user try to login. If the user answers no the same thing happens in the next login. I tested it with a lot of users and changed the passwords several times and the problem continues. Anybody have some idea about this problem ? Thanks in advance. Regards, Marcelo H. Terres mhter...@gmail.com ICQ: 6649932 MSN: mhter...@hotmail.com Jabber: mhter...@jabber.org http://twitter.com/mhterres http://identi.ca/mhterres http://mundoopensource.blogspot.com/ http://www.propus.com.br Sent from Porto Alegre, RS, Brazil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
