similar to: Posted this question once already -- no response. Password expiry problem

Hi, i have configured a Samba PDC based on idealx.org. now, whenever i set the sambaMustChangePassword flag to 0, then from the subsequent logon, there is a popup urge me for changing password. now, the problem is after i have changed the password, the sambaMustChangePassword is set to 2147483647(unix timestamp), which if i converted it into human readable format, it will be 2038 year,

Okay I didn't read that. surprised that it should work with the databases as is. The dbcheck function was quite involved when it was run on the 4.5.5. update. On Thursday, 23 March 2017, 20:21, Ray Klassen <julius_ahenobarbus at yahoo.co.uk> wrote: After upgrade massive slowdown network wide. Does not make sense that it's the samba, but I've nothing left. Question

Hi all! We are using 1 Samba PDC and 2 bdc (Version 3.0.15pre3-SVN-build-UNKNOWN-PS-SuSE) with openldap2-2.2.6-37.38 on SLES 9. New users setup ok and first logon password change works. Because of HIPAA we need the passwords to change every 30 days however this isn't happening. I thought that I had this working once upon a time while I was testing and getting ready for production but

freely quoting from something I posted on #samba a couple of hours ago ########### it appears that challenge/response is actually broken in 4.5.5 Have upgraded 4 dc's and now winbind/freeradius does not work. focused on the radius box thinking that was the problem -- till I finally ran wbinfo -a user%password on all the dc's and they all behaved the same. -> plaintext succeeded

Okay, so I've just put the sernet repo file in my yum.repos.d directory and a yum update will elevate my samba server to the latest version. Is there any pitfall that is out there that I can avoid before yum updating. Centos 5.3 samba3-3.0.34-37 & related packages openldap-2.3.43-3.el5 & related packages I still have my samba3-3.0.34 packages squirreled away so I can force downgrade

I've been fiddling lately with Samba 3 coupled with openldap, nss_ldap, pam_ldap and the smbldap-tools to create a PDC. Following various examples, most things work, but I have an issue with changing passwords from Windows. If I manually change a password with smbldap-passwd, the script correctly adjusts the sambaPwdMustChange attribute according to what defaultMaxPasswordAge is set to. If

'right structure' is a bit above my level of knowledge.  microsoft documentation on NetSessionEnum level 10 has some sample code but I'm not sure how to implement it... On Wednesday, 12 September 2018, 07:59:50 GMT-7, Andrew Bartlett via samba <samba at lists.samba.org> wrote: On Wed, 2018-09-12 at 14:33 +0000, ray klassen via samba wrote: >  Are you saying that

Hello, I've been working with a xBase database (similar to dBase) in a multiuser application. There are like 40 users working on the database on the same time reading and like 10 writing information. Sometimes the CDX files (Index Files) get corrupted and is it's necessary to pack the tables (rebuild the indexes). I have notice using the smbstatus -B command the following Pid

Failed to find cifs/madmain at LAND.SUPERORG.COM(kvno 5) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)] so far nothing works forever. the above error happens when the pc's are unable to connect to shares net leave/join fixes the problem temporarily. seems to relate to [Samba] Failed to find cifs/foo.bar in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)] On Monday, 30

from the man page. I've never tried veto oplocks. But it looks like something that might be useful... > veto oplock files (S) > > This parameter is only valid when the oplocks parameter is turned > on for a share. It allows the Samba administrator to selectively > turn off the granting of oplocks on selected files that match a >

Hi, all: Two questions. Environment: Ubuntu 12.04 1) mount: unknown filesystem type 'smbfs' With default Samba 2:3.6.3-2ubuntu2.3 installed, all the following 3 commands failed: a) $ sudo mount -t *smbfs* -o username=MYNAME,password=MYPWD //mybooklive/myfolder /media/smb/ mount: unknown filesystem type 'smbfs' b) /media$ sudo mount -t *cifs* -o username=MYNAME,password=MYPWD

Hi, I'm having an issue trying to make a Windows machine sambaserveroin a Samba domain. Samba is running with LDAP backend (OpenLDAP). When I try to join the domain, Windows says that the machine account does not exist. The machine account, however, is successfully created in the LDAP directory after the join fails. When I try to join again, Windows says that the account already exists.

so if possible, I'd like an example of how to include system_groups_user in the userdb setup. I'm using ldap, but I could revert to using pam on ldap. There is a ldap query (gleaned from smbldap-tools) that will return a list of groups for a user (&(objectclass=posixGroup)(memberuid=%u)) but I don't know if the ldap driver will handle it but above all I can't figure out how

I have about 60 PC's running windows XP behind vpn routers in different locations. I find that they lose connection or sync (or whatever the right word is) to the domain periodically, probably when the vpn shuts down due to low demand. The result is that any domain user not already in the local password hash cache cannot log in and any local share with domain permissions on it will not

Thanks for the answer Marcel, I did get them confused. Any ideas why then that my passwords don't seem to be expiring even well after 60 days and despite having the domain policy enforcing password expiry? Thanks. Regards. Neil Wilson. On Mon, Jan 12, 2015 at 12:46 PM, Marcel de Reuver <marcel at de.reuver.org> wrote: > Account expiry and password expiry are not the same....

To be honest, the 'Dynamic Bind' method doesn't seem that secure to me, anybody could 'pretend' to be someone else. Rowland True! I agree with you Rowland that is a weakness. Unfortunately that is a universal weakness shared by all password-based authentication methods. I guess you would have to go with SSH-style encryption keys and certificates to circumvent that problem

Hi all, I have a couple of Samba 4 DCs on my network and I created a new service account LDAPReader on my DCs that my non-Samba third-party services such as Redmine successfully use to access AD via the LDAPS protocol. I have a couple of questions that relate to having service account of this nature implemented in Samba and I wondered if the group could possibly provide some advice? 1)

On Wed, 10 Apr 2019 16:25:47 +0100 Stephen via samba <samba at lists.samba.org> wrote: > To be honest, the 'Dynamic Bind' method doesn't seem that secure to > me, anybody could 'pretend' to be someone else. > > Rowland > > True! I agree with you Rowland that is a weakness. Unfortunately that > is a universal weakness shared by all password-based

I think we're suffering from bug 8641 at the moment: https://bugzilla.samba.org/show_bug.cgi?id=8641 where the netsamlogon_cache.tdb entries are not expiring. We use AD groups for our (redhat) server auth, and also use server-side group auth for NFS (with the --manage-gids flag). So if a user is not in a group on the server, they're denied access to files as per group permissions.

I've just found out that Samba (rather correctly) implements a nice and low password expiry date through the tdbsam backend, and I believe the "maximum password age" value. However, I can't, for the life of me, actually /set/ this thing. I've tried this: # pdbedit -u <username> -r -P "maximum password age" -C 100 And without the -r, and with various