nobody to help?
On Fri, 2011-06-24 at 16:56 +0200, Fabio Pardi wrote: > Dears, > > Unfortunately it happened again. > Now i see the user has the flags UX, but the system keeps asking for a > password change in loop. > > details about pdbedit -L -v > > --------------- > Unix username: myuser > NT username: myuser > Account Flags: [UX ] > User SID: S-1-5-21-222803232-3192872370-2452721687-1015 > Primary Group SID: S-1-5-21-222803232-3192872370-2452721687-513 > Full Name: hers name > Home Directory: > HomeDir Drive: > Logon Script: users/login.bat > Profile Path: > Domain: mydomain > Account desc: Software Developer > Workstations: > Munged dial: > Logon time: 0 > Logoff time: never > Kickoff time: 0 > Password last set: Fri, 24 Jun 2011 16:48:34 CEST > Password can change: Fri, 24 Jun 2011 16:48:34 CEST > Password must change: never > Last bad password : 0 > Bad password count : 0 > Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF > ------------------------- > > > > > On Fri, 2011-06-17 at 16:32 +0200, Fabio Pardi wrote: > > > Thanks a lot Christ, > > > > a managed using pdbedit. In facts, many accounts were carrying only the > > [U], no X (but i clearly remember I changed every user's setting with > > "password never expires" from the srvtool graphical tool :s ) > > > > Now the only thing i have to do is waiting.... > > > > Thanks a lot for your time, hoping this will permanently do the job. > > > > Best Regards > > > > Fabio > > > > On Thu, 2011-06-16 at 06:52 -0700, Christ Schlacta wrote: > > > > > use pdbedit or your web-based ldap manager to update the account flags > > > to [UX]. document the previous value before changing the flags. Use > > > smbldap tools to update the expire time. if none of this fixes it, post > > > an ldif if an affected user account, as well as all the info from > > > smbldap-tools about said user. > > > On 6/16/2011 06:39, Fabio Pardi wrote: > > > > Hi everybody, > > > > > > > > I think i need a samba guru to solve this issue, because googling for > > > > months did not help and the problem is becoming pressing. > > > > I'm facing an annoying problem with samba. In detail, there is something > > > > wrong with the password handling. It happens from windows, mac or linux > > > > clients. > > > > Randomly (probably after $num days), the system asks to the user to > > > > change the password. After the user did it, the system keeps asking the > > > > same, in a sort of loop. > > > > The only option to change it is to manually go on the console and issue > > > > the command "smbldap-passwd username". > > > > > > > > My system: > > > > > > > > ubuntu lucid 32 bit > > > > > > > > smb.conf > > > > > > > > ----cut--- > > > > [global] > > > > idmap uid = 1000-15000 > > > > idmap gid = 1000-15000 > > > > > > > > > > > > workgroup = PORTAVITA > > > > > > > > netbios name = PSAMBA > > > > > > > > domain logons = Yes > > > > domain master = Yes > > > > wins support = true > > > > obey pam restrictions = Yes > > > > dns proxy = No > > > > > > > > log level = 2 > > > > os level = 35 > > > > log file = /var/log/samba/log.%m > > > > max log size = 1000 > > > > syslog = 0 > > > > panic action = /usr/share/samba/panic-action %d > > > > pam password change = Yes > > > > # Allows users on WinXP PCs to change their password when they > > > > press Ctrl-Alt-Del > > > > unix password sync = no > > > > ldap passwd sync = yes > > > > > > > > passdb backend = ldapsam:ldap://localhost > > > > > > > > ldap suffix = dc=pdc > > > > > > > > ldap admin dn = cn=admin,dc=pdc > > > > > > > > ldap machine suffix = ou=Computers > > > > ldap user suffix = ou=Users > > > > ldap group suffix = ou=Groups > > > > ldap idmap suffix = ou=Idmap > > > > > > > > ldap ssl = no > > > > > > > > add user script = /usr/sbin/smbldap-useradd -m '%u' > > > > delete user script = /usr/sbin/smbldap-userdel %u > > > > > > > > > > > > #those scripts are modified so we can create groups also on the system > > > > add group script = /usr/sbin/addgroupldap-system '%g' > > > > delete group script = /usr/sbin/delgroupldap-system '%g' > > > > add user to group script > > > > = /usr/sbin/add-user-to-group-ldap-system '%u' '%g' > > > > add user to group script = /usr/sbin/add-user-to-group-ldap-system '%u' > > > > '%g' > > > > delete user from group script > > > > = /usr/sbin/del-user-to-group-ldap-system -x '%u' '%g' > > > > > > > > > > > > > > > > set primary group script = /usr/sbin/smbldap-usermod -g '%g' '% > > > > u' > > > > add machine script = /usr/sbin/smbldap-useradd -w '%u' > > > > logon drive = > > > > logon home = > > > > logon path = > > > > logon script = users/login.bat > > > > server signing = auto > > > > server schannel = Auto > > > > nt acl support = yes > > > > [homes] > > > > comment = Home Directories > > > > valid users = %S > > > > read only = No > > > > browseable = No > > > > > > > > [netlogon] > > > > comment = Network Logon Service > > > > path = /var/lib/samba/netlogon > > > > admin users = root > > > > guest ok = Yes > > > > browseable = No > > > > logon script = login.bat > > > > > > > > [Software] > > > > comment = Software Folder > > > > path = /share/software > > > > create mask = 0777 > > > > directory mask = 0777 > > > > read only = no > > > > writable = yes > > > > browsable = yes > > > > invalid users =guest123 > > > > > > > > [progr] > > > > comment = Prog Folder > > > > path = /share/prog > > > > create mask = 0777 > > > > directory mask = 0777 > > > > read only = no > > > > writable = yes > > > > browsable = yes > > > > invalid users =guest123 > > > > > > > > ----cut---- > > > > > > > > samba version from package is 3.4.7 > > > > ldapadd -V > > > > ldapadd: @(#) $OpenLDAP: ldapmodify 2.4.21 (Aug 10 2010 17:07:36) $ > > > > > > > > buildd@rothera:/build/buildd/openldap-2.4.21/debian/build/clients/tools > > > > (LDAP library: OpenLDAP 20421) > > > > SASL/DIGEST-MD5 authentication started > > > > > > > > > > > > > > > > Any help or suggestion is strongly appreciated. > > > > > > > > Regards, > > > > > > > > Fabio > > > > > > > > > > > > > > > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
