We faced the following error while testing a Kerberos login on a linux machine joined in the domain by likewise-open: root@test:/etc# kinit test Password for [email protected] <miquel@SCYTL_INT.LOCAL>: Warning: Your password will expire in less than one hour on Thu Jan 1 01:00:00 1970
What do actually mean: Minimum password age (days): 0 Maximum password age (days): 0 I've dumped all users from the builtin LDAP in Samba v4, and none of them had any reference to the password expiration date - they did have a value for the last time they changed the password though. It seems that it is really important to set a password expiration date after a classic upgrade, isn't it? On Tue, Apr 30, 2013 at 10:00 AM, Andreas Calvo <[email protected]> wrote: > These are the current settings for the password expiration policy in the > domain: > Password complexity: on > Store plaintext passwords: off > Password history length: 0 > Minimum password length: 8 > Minimum password age (days): 0 > Maximum password age (days): 0 > > Is it necessary to set a value? > A lot of users are seeing the pop-up "windows needs your credentials. Log > off and on again". > > > On Mon, Apr 29, 2013 at 3:11 AM, Andrew Bartlett <[email protected]>wrote: > >> On Sun, 2013-04-28 at 14:31 +0200, Andreas Calvo wrote: >> > I've changed some of my test users passwords, just to renew the password >> > expiration date. >> > I may check if they are still expired or if I have to set a new >> expiration >> > policy. >> > Is it set as a GPO or using the samba-tools? >> >> Password expiry for the domain is applied using samba-tool: >> >> samba-tool domain passwordsettings >> >> As Samba can't read GPO files (but can serve them to clients), we don't >> follow anything from the GPO. The only exception is that if a windows >> DC shares the domain, and it has the GPO files, it will 'fix' the >> directory to match the GPO. >> >> Andrew Bartlett >> -- >> Andrew Bartlett >> http://samba.org/~abartlet/ >> Authentication Developer, Samba Team http://samba.org >> >> >> > > > -- > Atentamente, > Andreas Calvo > -- Atentamente, Andreas Calvo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
