Hi Mourik Jan,
I think I found the issue. LAM uses cn=builtin,dc=company,dc=com for the
policy. Seems like this one has a different max age. You should see a
log message "Using maxPwdAge = ..." at the beginning of the log.
If I understand you correctly then you have assigned a special password
policy to these users or your other users?
Best regards
Roland
Am 18.09.21 um 16:27 schrieb mj:
Hi Roland,
So we did. The requested debug output:
2021-09-17 12:28:22 Debug Checking
CN=user1,CN=Users,DC=samdom,DC=company,DC=com
2021-09-17 12:28:22 Debug Last password change on 2021-08-10
2021-09-17 12:28:22 Debug Number of days before warning 7
2021-09-17 12:28:22 Debug Password expires on 2021-09-22
2021-09-17 12:28:22 Debug Password notification on 2021-09-15 12:55
2021-09-17 12:28:22 Info Not sending email to
CN=user1,CN=Users,DC=samdom,DC=company,DC=com because of dry run.
Strange thing is that from a windows domain member elevated cmd:
"net user user1 /domain":
Password expires never
And also from a samba DC:
"pdbedit -u user1 -w -v":
Password must change: never
Both sides agree that the password for user1 should not expire.
I started a small thread on the samba mailinglist about the observed
behaviour. Find it here:
https://lists.samba.org/archive/samba/2021-September/237318.html
We're not sure where things go wrong. Do you have an idea?
Have a nice weekend!
MJ
Op 16-09-2021 om 19:23 schreef Roland Gruber:
Hi Mourik Jan,
please set LAM log level to debug and run the command as your
webserver user with "--dryRun" at the end:
https://www.ldap-account-manager.org/static/doc/manual/ch03.html#conf_logging
https://www.ldap-account-manager.org/static/doc/manual/ch03s02.html#idm1166
This will give you more details on the calculation of the dates.
Best regards
Roland
Am 16.09.21 um 10:11 schrieb mj:
Hi Roland,
Something we noticed, with the password expiration job:
Notifications were sent out today to two specific users, with the
text "Your password is set to expire on 22.09.2021 (DDMMYYYY)".
This surprised us, because when checking this user in the LAM web
interface, it says:
Last password change 2021-08-10 14:07:41
Last login 2021-09-07 10:06:27
and our (samba AD) password policy is set to:
root@addc:~# samba-tool domain passwordsettings show
Password information for domain 'DC=samdom,DC=company,DC=com'
Password complexity: on
Store plaintext passwords: off
Password history length: 24
Minimum password length: 14
Minimum password age (days): 0
Maximum password age (days): 0
Account lockout duration (mins): 30
Account lockout threshold (attempts): 20
Reset account lockout after (mins): 60
Is there a way to find out what causes LAM to think that the password
is about to expire?
MJ
_______________________________________________
Lam-public mailing list
Lam-public@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lam-public
_______________________________________________
Lam-public mailing list
Lam-public@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lam-public
_______________________________________________
Lam-public mailing list
Lam-public@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lam-public
_______________________________________________
Lam-public mailing list
Lam-public@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lam-public