NSC - NetworkServiceCenter wrote: > hello list! > the basic systems worked and all problems i'm going to describe occurred in > both testenvironments! > > 1. after login from w2k i get the message, that the password expires and > asks me if i want to change. if i change or not, at next logon the > situation is the same, but i can login over a few weeks without > passwordchange. > - the only information i found about in the web is, that i can set the > users pwdLastSet to -1, but, on the one hand, i doesn't work and on the > other hand, if anyone changes his password this field would be overwritten > automatically and the old problem starts again.
some report that the account flags have to be [UX ] (with added X), which means that the password will not expire. however, i think this didn't work for men. my solution (found in some ldap-samba-pdc-howto) was to set the pwdMustChange to 2147483647 (which is far in the future: 2030 or something) > > > 2. the unix password sync doesn't work. but i think there are two different > problems, but let me describe: if i activated the password sync, i got on you have to set the password chat to something that reflects your systems password chat (no na) on my system, when i try to change my password (with correct pam.d/passwd pam_ldap.conf etc) with "passwd" i get following dialog: <snip> New password: Re-enter new password: </snip> so the password chat in [global] is as follows: passwd program = /usr/bin/passwd %u passwd chat = *New\spassword:* %n\n *Re-enter\snew\spassword:* %n\n . > 3. the domain group map doesn't work! i found a lot of descriptions about i have not tried this yet, but i think that 2.2.3a does not supprt domain-group-mapping (but 2.2.4 should ???) mfg.cd.sadf IOhannes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
