What are my options for implementing password aging using samba as my PDC ? I can set the users Linux password to expire, but it doesn't seem to propagate to their samba passwords. I absolutely need this functionality. Is OpenLDAP the answer? Joseph Morin
On Thu, 2003-02-20 at 07:11, joe.morin@dominiondiagnostics.com wrote:> > > > > What are my options for implementing password aging using samba as my PDC ? > I can set the users Linux password to expire, but it doesn't seem to > propagate to their samba passwords. > I absolutely need this functionality. Is OpenLDAP the answer?If you set 'obey pam restrictions = yes' and setup the correct PAM configuration files, then Samba will also honer this. You should also set 'unix password sync = yes' and 'pam password change yes' so that the password changes update the PAM backend too. Or move to Samba 3.0 (currently alpha) and use the pdb_ldap backend to store your passwords, which fully supports password expiry, based on our own 'pwdMustChange' attribute. Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20030220/c717cfdf/attachment.bin
Hi, I recently upgraded to Samba 2.2.8 running on Solaris 8. Since doing so, I have noticed that I get a message telling me my password will expire in x days, and if I want to change it now. I never had this message show up before. In looking through the archives, I saw that password aging is supposed to go into Samba 3.x but hasn't made it into the 2.2.x branch. So why am I getting these messages now? How can I manage it? I would like to be able to do the equivelent of checking the box that makes it so that the passwords will never expire, then let Novell force the user to change their password. The user would then synch (change both) when they change their novell password. I appreciate your help. Regards, Arnold Andrews MCAD/Unix Systems Administrator Seagate Technology, LLC
Hi Arnold,> I recently upgraded to Samba 2.2.8 running on Solaris 8. Since doing so, I have > noticed that I get a message telling me my password will expire in x days, and > if I want to change it now. I never had this message show up before.check date and time on client and samba machine. My christal ball say, your Solaris is your PDC. der tom ______________________________________________________________________________ UNICEF bittet um Spenden fur die Kinder im Irak! Hier online an UNICEF spenden: https://spenden.web.de/unicef/special/?mc=021101
> > I recently upgraded to Samba 2.2.8 running on Solaris 8. Since doing so, Ihave> > noticed that I get a message telling me my password will expire in x days,and> > if I want to change it now. I never had this message show up before. > > check date and time on client and samba machine. My christal ball say, yourSolaris is your PDC.>Yes, my Solaris host is the PDC. ??? The date and time are within a minute of each other on the Samba server and the PC. What does the date and time have to do with the epiration message? Thanks again, Arnold
Hi Arnold Andrews X-324-4292, you wrote:>> check date and time on client and samba machine. My christal ball >> say, your Solaris is your PDC. >> > > Yes, my Solaris host is the PDC. ??? The date and time are within a > minute of each other on the Samba server and the PC. What does the > date and time have to do with the epiration message?I saw this sometimes, if the client time was completely different from samba PDC (for instance in the future: 28.03.2034), when the (roaming) user profile was created. Check the timestamp of your user profile and his files (for instance your ntuser.dat) on samba server. der tom
> >> check date and time on client and samba machine. My christal ball > >> say, your Solaris is your PDC. > >> > > > > Yes, my Solaris host is the PDC. ??? The date and time are within a > > minute of each other on the Samba server and the PC. What does the > > date and time have to do with the expiration message? > > I saw this sometimes, if the client time was completely different from > samba PDC (for instance in the future: 28.03.2034), when the (roaming) > user profile was created. > Check the timestamp of your user profile and his files (for instance > your ntuser.dat) on samba server. >I am still missing how the timestamp of the user profile is related to this problem. I am not even using a roaming profile. To test it, I switched my profile type to roaming, then logged out and back in. Same issue, "Your password will expire in 7 days. Would you like to change it now?" I tried moving my profile aside then letting the system create me a brand new profile. Nothing I did had any effect on the issue. I finally just changed my Samba user password and the message quit coming up. I'm not the only user seeing this problem however, so it would be nice if I could do something to prevent Samba from trying to force me to change my password. I really only need to change my password when the Novell password aging system tells me I have to. At that point, I simply change both the Novell, and the windows (Samba) password together. I never saw this issue before moving to 2.2.8 (from 2.2.2). Any help is appreciated. Regards, Arnold Andrews MCAD/Unix Systems Administrator Seagate Technology, LLC