Re: [Samba] Posted this question once already -- no response. Password expiry problem
On Tue, 2013-01-15 at 17:53 +, ray klassen wrote: Solved this problem gentle rant This is precisely the sort of question that should be answerable on this list. as no one run into this before? I've brought it up twice here and several times on the irc channel with no response, but the solution was simple enough /gentle rant anyway here it is. So that it goes in the mailing list and others can find it. /etc/smbldap-tools/smbldap.conf includes a line that says defaultMaxPasswordAge=45 FYI, I've never used smbldap-tools. This affects the sambaPwdMustChange date stamp attribute in the ldap user record at the time smbldap-passwd is run. sambaPwdMustChange appears to trump the user X flag and the maximum password age system policy Maybe that's the nature of the samba 3.x beast. Yes, that matches my recollection [I could be wrong]. The password policy just controlled the calculation of sambaPwdMustChange. I recall just going in sometimes and manually setting sambaPwdMustChange to some value like 12 in order to force a user to change there password on their next logon, and moving the value way up to avoid expiration. The precedent of one value over the other was never expressly documented AFAIK. I *assumed*, and it seemed to be true, that the more specific value [sambaPwdMustChange] would win. Maybe it has to be that way if you are using LDAP. Now that Samba 4 is out probably no one will want to comment on that. :) I suggest you upgrade yesterday. Samba4 is a much better PDC that Samba3 ever thought about being on the brightest most optimistic spring day. -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Posted this question once already -- no response. Password expiry problem
Solved this problem gentle rant This is precisely the sort of question that should be answerable on this list. Has no one run into this before? I've brought it up twice here and several times on the irc channel with no response, but the solution was simple enough /gentle rant anyway here it is. So that it goes in the mailing list and others can find it. /etc/smbldap-tools/smbldap.conf includes a line that says defaultMaxPasswordAge=45 This affects the sambaPwdMustChange date stamp attribute in the ldap user record at the time smbldap-passwd is run. sambaPwdMustChange appears to trump the user X flag and the maximum password age system policy Maybe that's the nature of the samba 3.x beast. Maybe it has to be that way if you are using LDAP. Now that Samba 4 is out probably no one will want to comment on that. - Original Message - From: ray klassen julius_ahenobar...@yahoo.co.uk To: samba@lists.samba.org samba@lists.samba.org Cc: Sent: Monday, 14 January 2013, 10:06 Subject: [Samba] Posted this question once already -- no response. Password expiry problem A user with the X (password doesn't expire) flag on his account was forced to change his password because it expired on a system with pdbedit -P'maximum password age' account policy maximum password age description: Maximum password age, in seconds (default: -1 = never expire passwords) What's going on? why is samba ignoring this and expiring passwords anyways? samba Version: 2:3.6.3-2ubuntu2.3 on ubuntu Precise But I'm having the same issue with whatever version of samba is current on debian squeeze. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Posted this question once already -- no response. Password expiry problem
A user with the X (password doesn't expire) flag on his account was forced to change his password because it expired on a system with pdbedit -P'maximum password age' account policy maximum password age description: Maximum password age, in seconds (default: -1 = never expire passwords) What's going on? why is samba ignoring this and expiring passwords anyways? samba Version: 2:3.6.3-2ubuntu2.3 on ubuntu Precise But I'm having the same issue with whatever version of samba is current on debian squeeze. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
