I read a few posts in the archives about this problem and that it was to
be fixed in 3.0.23c. Currently I'm running 3.0.23d-2+b1 on a debian
system and am getting the following:
$ ssh -l testuser fileserver
Password:
Your password has expired
Here's what auth.log shows:
Jan 4 11:46:26 tmcsamba1 pam_winbind[14309]: user 'DOMAIN1+testuser' OK
Jan 4 11:46:26 tmcsamba1 pam_winbind[14309]: user 'DOMAIN1+testuser'
granted access
Jan 4 11:46:26 tmcsamba1 smbd[14309]: (pam_unix) session opened for
user DOMAIN1+testuser by (uid=0)
Jan 4 11:46:26 tmcsamba1 pam_winbind[14310]: user 'DOMAIN1+testuser' OK
Jan 4 11:46:26 tmcsamba1 pam_winbind[14310]: user 'DOMAIN1+testuser'
granted access
Jan 4 11:46:26 tmcsamba1 smbd[14310]: (pam_unix) session opened for
user DOMAIN1+testuser by (uid=0)
Jan 4 11:46:26 tmcsamba1 smbd[14309]: (pam_unix) session closed for
user DOMAIN1+testuser
Jan 4 11:46:26 tmcsamba1 smbd[14310]: (pam_unix) session closed for
user DOMAIN1+testuser
Jan 4 11:48:41 tmcsamba1 pam_winbind[14324]: user 'testuser' granted
access
Jan 4 11:48:41 tmcsamba1 pam_winbind[14324]: user 'testuser' OK
Jan 4 11:48:41 tmcsamba1 pam_winbind[14324]: pam_sm_acct_mgmt success
but PAM_WINBIND_NEW_AUTHTOK_REQD is set
Jan 4 11:48:41 tmcsamba1 pam_winbind[14324]: user 'testuser' needs new
password
Jan 4 11:48:41 tmcsamba1 sshd[14324]: (pam_unix) user "testuser" does
not exist in /etc/passwd or NIS
If there anything else I need to upgrade or restart in order to shake
this problem? I know I can set the global policy to password never
expires, but I don't want to do tha tsince there are only a few users
that I want to allow to not change their passwords.