Hi Friends... Now is working.
When I use the command: smbldap-usermod sachs -B 1 Smbldap-tools change only sambaPwdMustChange to 0, I will report this for IDEALX and to group Debian. Thanks! 2009/3/13 David Markey <dmar...@comp.dit.ie>: > sambaPwdMustChange is depreciated. > > Its now calculated dynamically. sambaPwdLastSet + sambaMaxPwdAge > > If you want to force a password change set sambaPwdLastSet to 0. > > > > > > > Eduardo Sachs wrote: >> Hi People! >> >> I use pam_winbind for authentication in my computer workstation using >> Debian Lenny 5.0, Stable Version. >> >> I configure my user with this option "sambaPwdMustChange: 0", and I >> logon in GDM without asking to change password. Who knows what can be? >> >> I use Samba PDC with Heimdal Kerberos, but, I configure PAM with only >> pam_winbind for tests... >> >> Client versions: >> ii libwbclient0 2:3.2.5-4 >> client library for interfacing with winbind service >> ii samba 2:3.2.5-4 a >> LanManager-like file and printer server for Unix >> ii samba-common 2:3.2.5-4 >> Samba common files used by both the server and the client >> ii winbind 2:3.2.5-4 >> service to resolve user and group information from Windows NT >> >> Server versions: >> ii samba 2:3.2.5-4 a >> LanManager-like file and printer server for Unix >> >> My configuration of PAM is simple: >> auth sufficient pam_winbind.so debug >> auth required pam_unix.so nullok_secure >> use_first_pass >> account sufficient pam_unix.so >> account sufficient pam_winbind.so >> account required pam_deny.so >> password sufficient pam_unix.so nullok obscure md5 >> password required pam_winbind.so >> session optional pam_unix.so >> session optional pam_winbind.so >> session optional pam_mkhomedir.so skel=/etc/skel/ >> umask=077 >> >> Debug PAM: >> pam_winbind(gdm:auth): [pamh: 0x88bcf70] ENTER: pam_sm_authenticate >> (flags: 0x0000) >> pam_winbind(gdm:auth): getting password (0x00000181) >> pam_winbind(gdm:auth): Verify user 'sachs' >> pam_winbind(gdm:auth): CONFIG file: krb5_ccache_type 'FILE' >> pam_winbind(gdm:auth): enabling krb5 login flag >> pam_winbind(gdm:auth): enabling request for a FILE krb5 ccache >> pam_winbind(gdm:auth): user 'sachs' granted access >> pam_winbind(gdm:auth): Returned user was 'sachs' >> pam_winbind(gdm:auth): [pamh: 0x88bcf70] LEAVE: pam_sm_authenticate >> returning 0 >> pam_winbind(gdm:account): user 'sachs' OK >> pam_winbind(gdm:account): user 'sachs' granted access >> pam_winbind(gdm:setcred): [pamh: 0x88bcf70] ENTER: pam_sm_setcred >> (flags: 0x0002) >> pam_winbind(gdm:setcred): PAM_ESTABLISH_CRED not implemented >> pam_winbind(gdm:setcred): [pamh: 0x88bcf70] LEAVE: pam_sm_setcred >> returning 0 >> >> Some configurations: >> 1 - Nsswitch configure with LDAP, its work fine. >> >> 2 - smb.conf >> >> [global] >> workgroup = _LOCAL_ >> netbios name = debian-x11 >> realm = LOCAL.INT.BR >> security = domain >> wins server = 10.111.222.100 >> use kerberos keytab = yes >> client use spnego = yes >> client NTLMv2 auth = yes >> >> bind interfaces only = yes >> interfaces = eth0 10.111.222.103, lo 127.0.0.1 >> hosts allow = 10.111.222.0/24, 127.0.0.1 >> >> debug level = 2 >> log file = /var/log/samba/%m.log >> max log size = 50 >> log level = 1 >> syslog = 0 >> utmp = Yes >> >> idmap uid = 10000-15000 >> idmap gid = 10000-15000 >> template shell = /bin/bash >> template homedir = /home/users/%U >> winbind separator = + >> winbind enum users = yes >> winbind enum groups = yes >> winbind use default domain = yes >> >> encrypt passwords = yes >> invalid users = root >> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 >> SO_SNDBUF=8192 >> local master = no >> domain master = no >> dns proxy = no >> >> preserve case = yes >> short preserve case = no >> default case = lower >> case sensitive = no >> >> dos charset = cp850 >> unix charset = iso8859-1 >> display charset = LOCALE >> restrict anonymous = 0 >> >> Thanks! >> > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba