Lorenzo Milesi
2010-Jul-27 13:14 UTC
[Samba] Changing password on unix client joined to AD
Hi.

I've set up a Samba PDC on Debian, working fine with XP Clients.

I'm now trying to have a linux client join the domain. I managed to do that, but I cannot handle password expiration. When the domain pass is expired, in GDM I see a message "Your password is expired" but the user can log in anyway.

I used the following guide to configure my Linux client, which is an Ubuntu 10.04:
https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto

Configured PAM using pam-auth-update.
common-auth is:
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login use_first_pass

common-password
password [success=2 default=ignore] pam_unix.so obscure sha512
password [success=1 default=ignore] pam_winbind.so use_authtok use_first_pass

nsswitch.conf
passwd: files winbind
group: files winbind
shadow: files winbind
hosts: files dns

What should I change?
thanks

--
Lorenzo Milesi - lorenzo.milesi at yetopen.it
YetOpen S.r.l. - http://www.yetopen.it/
Via Torri Tarelli 19 - 23900 Lecco - ITALY - Tel 0341 220 205 - Fax 178 6070 222
GPG/PGP Key-Id: 0xE704E230 - http://keyserver.linux.it

-------- D.Lgs. 196/2003 --------
Please note that all information contained in this message is confidential and for the exclusive use of the recipient. Should you have received this message in error, please delete it without copying it, do not forward it to third parties, and notify us as soon as possible. Thank you.
Lorenzo Milesi wrote:
> Hi.
>
> I've set up a Samba PDC on Debian, working fine with XP Clients.
>
> I'm now trying to have a linux client join the domain. I managed to do that, but I cannot handle password expiration. When the domain pass is expired, in GDM I see a message "Your password is expired" but the user can log in anyway.
>
> I used the following guide to configure my Linux client, which is an Ubuntu 10.04:
> https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto
>
> Configured PAM using pam-auth-update.
> common-auth is:
> auth [success=2 default=ignore] pam_unix.so nullok_secure
> auth [success=1 default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login use_first_pass
>
> common-password
> password [success=2 default=ignore] pam_unix.so obscure sha512
> password [success=1 default=ignore] pam_winbind.so use_authtok use_first_pass
>
> nsswitch.conf
> passwd: files winbind
> group: files winbind
> shadow: files winbind
> hosts: files dns
>
>
> What should I change?
> thanks
>

GDM does not support this feature:
https://bugs.launchpad.net/ubuntu/+source/gdm/+bug/114620

If you want, you can hack gdm)