On Wed, 2003-03-05 at 06:12, [EMAIL PROTECTED] wrote: > > > > > > Still no luck. > I set 'obey pam restrictions = yes' and 'pam password change yes', I > already had the 'unix password sync = yes'. > I can see entries in the log like this : > > Mar 4 13:13:42 servername samba(pam_unix)[12225]: session opened for user > username by (uid=0) > Mar 4 13:14:37 servername samba(pam_unix)[12225]: session closed for users > username > > So I'm assuming samba is working with pam. I have also successfully > changed my user password via the client. I have edited /etc/shadow to > expire my password in 1 day. when I log into the machine via ssh I get the > messages saying my password is about to expire, but when I log onto the PC > (which has joined the domain) I don't get the popup message. If my > password does expire on linux/samba, I get locked out of the domain without > receiving any message on the PC. (This happened to me when my password > expired yesterday). > > I have samba and pam implemented, do I need to implement something else?
Don't use Win9X as a 'domain' client. Samba 2.2. does not support sensible error codes to Win9X for this behavior. Samba 3.0 does, however (due to a complete auth rewrite). > Should I try implementing OpenLDAP? I don't want to implement an alpha > version of samba 3.0 since this is a production environment and I can't > risk having users locked out. > > Is there somewhere else I can look to get documentation about this? > > Thank you, > > > Joseph Morin > Dominion Diagnostics > > > > > Andrew Bartlett > <[EMAIL PROTECTED] > rg> To > [EMAIL PROTECTED] > 02/19/2003 06:12 cc > PM [EMAIL PROTECTED] > Subject > Re: [Samba] password aging > > > > > > > > > > > On Thu, 2003-02-20 at 07:11, [EMAIL PROTECTED] wrote: > > > > > > > > > > What are my options for implementing password aging using samba as my PDC > ? > > I can set the users Linux password to expire, but it doesn't seem to > > propagate to their samba passwords. > > I absolutely need this functionality. Is OpenLDAP the answer? > > If you set 'obey pam restrictions = yes' and setup the correct PAM > configuration files, then Samba will also honer this. You should also > set 'unix password sync = yes' and 'pam password change yes' so that the > password changes update the PAM backend too. > > Or move to Samba 3.0 (currently alpha) and use the pdb_ldap backend to > store your passwords, which fully supports password expiry, based on our > own 'pwdMustChange' attribute. > > Andrew Bartlett > > -- > Andrew Bartlett [EMAIL PROTECTED] > Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] > Student Network Administrator, Hawker College [EMAIL PROTECTED] > http://samba.org http://build.samba.org http://hawkerc.net > (See attached file: signature.asc) -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba