Let me understand.
On Fri, Feb 26, 2010 at 6:52 AM, Martin Schmidt < [email protected]> wrote: > hi again, > > in my case it works now after setting the "maximum password age" to a point > far in future, but not to "never". > So this works: > pdbedit -P "maximum password age" -C 4294967294 > This way, the message stops ? > but this not: > > pdbedit -P "maximum password age" -C -1 > > I have also re-disabled the users account control property "Password does > not expire" using > pdbedit -r -c "[]" test > > Unix username: test > NT username: Account Flags: [U ] > > User SID: S-1-5-21-1200361472-1041780773-253280391-2648 > Primary Group SID: S-1-5-21-1200361472-1041780773-253280391-513 > Full Name: Home Directory: \\fecenter\test > HomeDir Drive: Q: > Logon Script: Profile Path: \\fecenter\profiles\test > Domain: LSFE > Account desc: Workstations: Munged dial: Logon time: > 0 > Logoff time: never > Kickoff time: never > Password last set: Thu, 25 Feb 2010 10:35:29 CET > Password can change: Thu, 25 Feb 2010 10:35:29 CET > Password must change: Sun, 03 Apr 2146 18:03:43 CEST > > Last bad password : 0 > Bad password count : 0 > Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF > > I could have hit on it in a moment! > Disabling this policy the message stop too ? Regards , > > regards, > Martin > > > > > Martin Schmidt schrieb: > > hi, >> I tried pdbedit -P "maximum password age" -C -1, but with no effect. >> pdbedit -r -c "[X]" test and retyping the password via "smbpasswd test" >> had also no effect, curiously "pdbedit -v test" gives following: >> >> Unix username: test >> NT username: Account Flags: [UX ] >> User SID: S-1-5-21-1200361472-1041780773-253280391-2648 >> Primary Group SID: S-1-5-21-1200361472-1041780773-253280391-513 >> Full Name: Home Directory: \\fecenter\test >> HomeDir Drive: Q: >> Logon Script: Profile Path: \\fecenter\profiles\test >> Domain: LSFE >> Account desc: Workstations: Munged dial: Logon time: >> 0 >> Logoff time: never >> Kickoff time: never >> Password last set: Thu, 25 Feb 2010 09:47:06 CET >> Password can change: Thu, 25 Feb 2010 09:47:06 CET >> Password must change: never >> Last bad password : 0 >> Bad password count : 0 >> Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF >> >> >> regards, >> Martin >> >> >> >> Gaiseric Vandal schrieb: >> >>> We had a few users with the same problem when we moved the password >>> backend from tdb to ldap. The following command seem to fix it. >>> >>> pdbedit -P "maximum password age" -C -1 >>> >>> >>> >>> >>> On 02/24/2010 04:25 PM, Marcelo Terres wrote: >>> >>>> Samba 3.0.24 doesn't have the problem, maybe because it doesn't support >>>> the >>>> policies domain account (configured with pdbedit). >>>> >>>> This feature starts in 3.0.25 and the problems with password expiration >>>> starts in the version either. >>>> >>>> Regards, >>>> >>>> Marcelo H. Terres >>>> [email protected] >>>> **************************************** >>>> ICQ: 6649932 >>>> MSN: [email protected] >>>> Jabber: [email protected] >>>> http://twitter.com/mhterres >>>> http://identi.ca/mhterres >>>> **************************************** >>>> http://mundoopensource.blogspot.com/ >>>> http://www.propus.com.br >>>> Sent from Porto Alegre, RS, Brazil >>>> >>>> On Wed, Feb 24, 2010 at 2:38 PM, Martin Schmidt< >>>> [email protected]> wrote: >>>> >>>> >>>> >>>>> Hi, >>>>> >>>>> I have a very similiar problem, but the story is an other: >>>>> >>>>> I migrated from sles 10 sp2 samba 3.0.24 to ubuntu 9.10 server samba >>>>> 3.4.3 >>>>> (pdc). The user-accounts were moved following this instruction: >>>>> >>>>> http://www.cyberciti.biz/faq/howto-move-migrate-user-accounts-old-to-new-server/. >>>>> >>>>> When some user now try to login to the domain from a xp-client >>>>> following >>>>> message appears at every login: "Your Windows password has expired and >>>>> must >>>>> be changed. You must change your password now!" The user can change the >>>>> password and everything works fine. But at next login the same story. >>>>> This >>>>> happens only to some of the old users and to all users created after >>>>> migration. Any idea what could be the reason for this? I already >>>>> searched a >>>>> lot but didn't find something like this. >>>>> >>>>> Thanks for any info. >>>>> >>>>> Regards, >>>>> Martin >>>>> >>>>> Dipl.- Geogr. Martin Schmidt >>>>> >>>>> Würzburg University >>>>> Department of Geography >>>>> Remote Sensing Unit >>>>> & >>>>> German Remote Sensing Data Center (DFD) at >>>>> German Aerospace Center (DLR) Oberpfaffenhofen >>>>> -------------------------------------------------------- >>>>> Am Hubland >>>>> 97074 Würzburg >>>>> phone: +49 (931) 31-88179 >>>>> fax: +49 (931) 888-5544 >>>>> eMail: [email protected] >>>>> >>>>> >>>>> >>>>> Here my smb.conf: >>>>> >>>>> [global] >>>>> #log file = /var/log/samba.%m >>>>> smb ports = 139 445 >>>>> #root = administrator >>>>> #DOMAIN ADMINS = root, administrator >>>>> >>>>> #----Allgemeine >>>>> Einstellungen-------------------------------------------------- >>>>> #Workgroup >>>>> netbios name = XXX #netbios aliases = XXX >>>>> server string = XXX >>>>> workgroup = XXX >>>>> guest account = XXX >>>>> >>>>> >>>>> >>>>> #-----Sicherheit-------------------------------------------------------------- >>>>> >>>>> #Nur Subnetz FE zulassen >>>>> hosts deny = XXX >>>>> hosts allow = XXX >>>>> >>>>> #Nur die Ethernet Karte 0 und Loopback zulassen >>>>> interfaces = eth0 lo >>>>> bind interfaces only = yes >>>>> >>>>> #Unbekannt Nutzer rejecten >>>>> #map to guest = Never >>>>> >>>>> #Zugriff auf benutzerdefinierte Freigaben nicht erlauben >>>>> #usershare allow guests = No >>>>> >>>>> #Kommunikation der Clients mit Samba auf User Ebene >>>>> #Passwort - Backend >>>>> #passdb backend = tdbsam:/etc/samba/passdb.tdb >>>>> passdb backend= smbpasswd security = user >>>>> encrypt passwords = true smb passwd file = /etc/samba/smbpasswd >>>>> passwd program = /usr/bin/smbpasswd %u >>>>> unix password sync = false >>>>> obey pam restrictions = yes >>>>> >>>>> #Fuer bestimmte Nutzer gibts extra smb.conf Dateien >>>>> config file = /etc/samba/smb.conf.%U >>>>> >>>>> >>>>> #---- Roaming Profiles >>>>> ----------------------------------------------------- >>>>> #Antworten auf WIN98/95 Anfragen >>>>> domain logons = Yes >>>>> logon path = \\%L\profiles\%U >>>>> logon drive = Q: >>>>> #logon script = logon.cmd >>>>> >>>>> #---- Browsing und Domain Master (PDC) >>>>> ------------------------------------- >>>>> #wins support = Yes >>>>> #wins server = XXX >>>>> #wins proxy = yes >>>>> #PDC im Subnetz >>>>> domain master = Yes >>>>> local master = Yes >>>>> preferred master = Yes >>>>> os level = 65 >>>>> #client-side caching policy >>>>> #csc policy = disable >>>>> >>>>> >>>>> #----Benutzerverwaltung----------------------------------------------------- >>>>> >>>>> #Hinzufuegen einer Maschine ueber die Methode Benutzername/Passwort >>>>> #add machine script = /usr/sbin/useradd -c Machine -d >>>>> /var/lib/nobody -s >>>>> /bin/false %m$ >>>>> >>>>> >>>>> #---Drucker---------------------------------------------------------------- >>>>> >>>>> load printers = no >>>>> printing = bsd >>>>> printcap name = /dev/null >>>>> disable spoolss = yes >>>>> >>>>> >>>>> #----Tuning----------------------------------------------------------------- >>>>> >>>>> socket options = TCP_NODELAY IPTOS_LOWDELAY >>>>> #Zeit zur Unterbrechung der Verbindung Server-Client bei Verlust des >>>>> Clients >>>>> deadtime = 10 >>>>> #getwd cache = yes >>>>> #kernel oplocks = no >>>>> ldap suffix = >>>>> log level = 1 >>>>> #Sonstiger Mist >>>>> #include = /etc/samba/dhcp.conf >>>>> dos charset = CP850 >>>>> display charset = ISO8859-1 >>>>> unix charset = ISO8859-1 >>>>> #oplock break wait time = 20 >>>>> #oplocks = no >>>>> #kernel oplocks = no >>>>> >>>>> #---- Zeit-Server >>>>> ---------------------------------------------------------- >>>>> time server = true >>>>> >>>>> ################################### >>>>> # Anmeldung Freigaben ############# >>>>> ################################### >>>>> >>>>> [homes] >>>>> comment = Home Directories >>>>> valid users = %S, %D%w%S >>>>> browseable = No >>>>> read only = No >>>>> inherit acls = Yes >>>>> create mask = 0664 >>>>> directory mask = 0775 >>>>> >>>>> [profiles] >>>>> comment = Network Profiles Service >>>>> path = /home/samba/windowsprofiles >>>>> hide files = /desktop.ini/ >>>>> read only = No >>>>> browseable = No >>>>> guest ok = Yes >>>>> writable = Yes >>>>> printable = No >>>>> store dos attributes = Yes >>>>> create mask = 0700 >>>>> directory mask = 0700 >>>>> >>>>> [netlogon] >>>>> comment = Network Logon Service2 >>>>> path = /home/samba/netlogon/%g >>>>> guest ok = Yes >>>>> browseable = No >>>>> read only = No >>>>> writable = Yes >>>>> >>>>> >>>>> ################################### >>>>> # Freigaben ####################### >>>>> ################################### >>>>> ... >>>>> >>>>> >>>>> >>>>> >>>>> Marcelo Terres schrieb: >>>>> >>>>> Hi. >>>>> >>>>> >>>>>> I enabled policies with pdbedit. Password must be changed every 90 >>>>>> days >>>>>> and >>>>>> must contain at least 8 characters. I enabled password history too. >>>>>> >>>>>> After that (I tried it in samba 3.4.3 and 3.0.25 with same behaviour) >>>>>> every >>>>>> time a user try to log in the domain using Windows receives a "Your >>>>>> password >>>>>> expires today. Do you want to change it now ?" message box. If the >>>>>> password >>>>>> is changed, the message appear again next time the user try to login. >>>>>> If >>>>>> the >>>>>> user answers no the same thing happens in the next login. >>>>>> >>>>>> I tested it with a lot of users and changed the passwords several >>>>>> times >>>>>> and >>>>>> the problem continues. >>>>>> >>>>>> Anybody have some idea about this problem ? >>>>>> >>>>>> Thanks in advance. >>>>>> >>>>>> Regards, >>>>>> >>>>>> Marcelo H. Terres >>>>>> [email protected] >>>>>> **************************************** >>>>>> ICQ: 6649932 >>>>>> MSN: [email protected] >>>>>> Jabber: [email protected] >>>>>> http://twitter.com/mhterres >>>>>> http://identi.ca/mhterres >>>>>> **************************************** >>>>>> http://mundoopensource.blogspot.com/ >>>>>> http://www.propus.com.br >>>>>> Sent from Porto Alegre, RS, Brazil >>>>>> >>>>>> >>>>>> >>>>>> >>>>> -- >>>>> To unsubscribe from this list go to the following URL and read the >>>>> instructions: https://lists.samba.org/mailman/options/samba >>>>> >>>>> >>>>> >>>> >>> -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > Marcelo H. Terres [email protected] **************************************** ICQ: 6649932 MSN: [email protected] Jabber: [email protected] http://twitter.com/mhterres http://identi.ca/mhterres **************************************** http://mundoopensource.blogspot.com/ http://www.propus.com.br -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
