Displaying 20 results from an estimated 5000 matches similar to: "Posted this question once already -- no response. Password expiry problem"
2005 Jun 02
5
Samba Password Expiry Date
Hi,
i have configured a Samba PDC based on idealx.org.
now, whenever i set the sambaMustChangePassword flag to 0, then
from the subsequent logon, there is a popup urge me for changing password.
now, the problem is after i have changed the password, the
sambaMustChangePassword
is set to 2147483647(unix timestamp), which if i converted it into human
readable format, it will be 2038 year,
2017 Mar 24
3
4 DC's to downgrade
Okay I didn't read that. surprised that it should work with the databases as is. The dbcheck function was quite involved when it was run on the 4.5.5. update.
On Thursday, 23 March 2017, 20:21, Ray Klassen <julius_ahenobarbus at yahoo.co.uk> wrote:
After upgrade massive slowdown network wide. Does not make sense that it's the samba, but I've nothing left. Question
2005 Jul 12
1
Samba3, ldap and password expiry
Hi all!
We are using 1 Samba PDC and 2 bdc (Version
3.0.15pre3-SVN-build-UNKNOWN-PS-SuSE) with openldap2-2.2.6-37.38 on
SLES 9.
New users setup ok and first logon password change works. Because of
HIPAA we need the passwords to change every 30 days however this isn't
happening.
I thought that I had this working once upon a time while I was testing
and getting ready for production but
2017 Mar 12
2
challenge/response problem in 4.5.5
freely quoting from something I posted on #samba a couple of hours ago
###########
it appears that challenge/response is actually broken in 4.5.5 Have upgraded 4 dc's and now winbind/freeradius does not work.
focused on the radius box thinking that was the problem -- till I finally ran
wbinfo -a user%password
on all the dc's and they all behaved the same. -> plaintext succeeded
2010 Apr 16
2
Any pitfalls updating straight from 3.0.34 to 3.5.2?
Okay, so I've just put the sernet repo file in my yum.repos.d directory and a yum update will elevate my samba server to the latest version. Is there any pitfall that is out there that I can avoid before yum updating.
Centos 5.3
samba3-3.0.34-37 & related packages
openldap-2.3.43-3.el5 & related packages
I still have my samba3-3.0.34 packages squirreled away so I can force downgrade
2004 Sep 15
4
Samba3 + smbldap-tools & smbpasswd
I've been fiddling lately with Samba 3 coupled with openldap, nss_ldap,
pam_ldap and the smbldap-tools to create a PDC.
Following various examples, most things work, but I have an issue with
changing passwords from Windows.
If I manually change a password with smbldap-passwd, the script
correctly adjusts the sambaPwdMustChange attribute according to what
defaultMaxPasswordAge is set to.
If
2018 Sep 12
2
eventlog functionality
'right structure' is a bit above my level of knowledge.
microsoft documentation on NetSessionEnum level 10 has some sample code but I'm not sure how to implement it...
On Wednesday, 12 September 2018, 07:59:50 GMT-7, Andrew Bartlett via samba <samba at lists.samba.org> wrote:
On Wed, 2018-09-12 at 14:33 +0000, ray klassen via samba wrote:
> Are you saying that
2018 Nov 22
5
Index Corruption xBase database
Hello,
I've been working with a xBase database (similar to dBase) in a multiuser
application. There are like 40 users working on the database on the same
time reading and like 10 writing information.
Sometimes the CDX files (Index Files) get corrupted and is it's necessary
to pack the tables (rebuild the indexes).
I have notice using the smbstatus -B command the following
Pid
2018 Jul 31
3
Winbind Craziness
Failed to find cifs/madmain at LAND.SUPERORG.COM(kvno 5) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
so far nothing works forever.
the above error happens when the pc's are unable to connect to shares net leave/join fixes the problem temporarily.
seems to relate to
[Samba] Failed to find cifs/foo.bar in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
On Monday, 30
2018 Nov 22
1
Index Corruption xBase database
from the man page. I've never tried veto oplocks. But it looks like
something that might be useful...
> veto oplock files (S)
>
> This parameter is only valid when the oplocks parameter is turned
> on for a share. It allows the Samba administrator to selectively
> turn off the granting of oplocks on selected files that match a
>
2012 Sep 05
2
samba4 installation Error and mount: unknown filesystem type 'smbfs'
Hi, all:
Two questions.
Environment: Ubuntu 12.04
1) mount: unknown filesystem type 'smbfs'
With default Samba 2:3.6.3-2ubuntu2.3 installed, all the following 3
commands failed:
a)
$ sudo mount -t *smbfs* -o username=MYNAME,password=MYPWD
//mybooklive/myfolder /media/smb/
mount: unknown filesystem type 'smbfs'
b)
/media$ sudo mount -t *cifs* -o
username=MYNAME,password=MYPWD
2012 Oct 09
2
Cannot make Windows join Samba domain
Hi,
I'm having an issue trying to make a Windows machine sambaserveroin a Samba domain. Samba is running with LDAP backend (OpenLDAP). When I try to join the domain, Windows says that the machine account does not exist. The machine account, however, is successfully created in the LDAP directory after the join fails. When I try to join again, Windows says that the account already exists.
2013 Aug 02
1
system_groups_user syntax especially in LDAP
so if possible, I'd like an example of how to include system_groups_user in the userdb setup.
I'm using ldap, but I could revert to using pam on ldap.
There is a ldap query (gleaned from smbldap-tools) that will return a list of groups for a user
(&(objectclass=posixGroup)(memberuid=%u)) but I don't know if the ldap driver will handle it but above all I can't figure out how
2010 Nov 24
1
VPN/WAN Domain members
I have about 60 PC's running windows XP behind vpn routers in different
locations. I find that they lose connection or sync (or whatever the right word
is) to the domain periodically, probably when the vpn shuts down due to low
demand. The result is that any domain user not already in the local password
hash cache cannot log in and any local share with domain permissions on it will
not
2015 Jan 12
1
User and Password expiry
Thanks for the answer Marcel, I did get them confused.
Any ideas why then that my passwords don't seem to be expiring even
well after 60 days and despite having the domain policy enforcing
password expiry?
Thanks.
Regards.
Neil Wilson.
On Mon, Jan 12, 2015 at 12:46 PM, Marcel de Reuver <marcel at de.reuver.org> wrote:
> Account expiry and password expiry are not the same....
Disabling password expiry for a AD service account for accessing LDAPS, and security best practices.
2019 Apr 10
2
Disabling password expiry for a AD service account for accessing LDAPS, and security best practices.
To be honest, the 'Dynamic Bind' method doesn't seem that secure to me,
anybody could 'pretend' to be someone else.
Rowland
True! I agree with you Rowland that is a weakness. Unfortunately that is
a universal weakness shared by all password-based authentication
methods. I guess you would have to go with SSH-style encryption keys and
certificates to circumvent that problem
Disabling password expiry for a AD service account for accessing LDAPS, and security best practices.
2019 Apr 10
2
Disabling password expiry for a AD service account for accessing LDAPS, and security best practices.
Hi all, I have a couple of Samba 4 DCs on my network and I created a new
service account LDAPReader on my DCs that my non-Samba third-party
services such as Redmine successfully use to access AD via the LDAPS
protocol.
I have a couple of questions that relate to having service account of
this nature implemented in Samba and I wondered if the group could
possibly provide some advice?
1)
Disabling password expiry for a AD service account for accessing LDAPS, and security best practices.
2019 Apr 10
0
Disabling password expiry for a AD service account for accessing LDAPS, and security best practices.
On Wed, 10 Apr 2019 16:25:47 +0100
Stephen via samba <samba at lists.samba.org> wrote:
> To be honest, the 'Dynamic Bind' method doesn't seem that secure to
> me, anybody could 'pretend' to be someone else.
>
> Rowland
>
> True! I agree with you Rowland that is a weakness. Unfortunately that
> is a universal weakness shared by all password-based
2014 Jun 11
1
Expiry of entries in netsamlogon_cache.tdb
I think we're suffering from bug 8641 at the moment:
https://bugzilla.samba.org/show_bug.cgi?id=8641
where the netsamlogon_cache.tdb entries are not expiring.
We use AD groups for our (redhat) server auth, and also use server-side group
auth for NFS (with the --manage-gids flag). So if a user is not in a group on
the server, they're denied access to files as per group permissions.
2003 Sep 30
1
Modifying password expiry dates
I've just found out that Samba (rather correctly) implements a nice and low
password expiry date through the tdbsam backend, and I believe the "maximum
password age" value.
However, I can't, for the life of me, actually /set/ this thing. I've tried
this:
# pdbedit -u <username> -r -P "maximum password age" -C 100
And without the -r, and with various