harold.celie@bt.com
2005-Mar-04 16:38 UTC
[Samba] Unchangeable "Password must change: Fri, 13 Dec 1901 21:45:51 MET "
Hello Group, I've been reading many posts but i still don't have the answer to how to force a password change or set a password lifetime. I'm using w2k clients which connect to a samba PDC version 3.0.10 on a basic SunOS 5.8 system, no ldap or so. syncing the ux-passwords and the smb-passwords works perfect, but i can't get it working to force users to change passwords. The command that should do this is ; pdbedit -P "maximum password age" -C 5 I know this are seconds, but just for testing Running this command as root gives; root> pdbedit -P "maximum password age" -C 5 account policy value for maximum password age was 100 account policy value for maximum password age is now 5 root> It does change the policy; account policy value for maximum password age is 5 but nothing is changed when i give the pdbedit -v command. When i run a pdbedit after i logged in/out as a user on the w2k system, nothing has happened the output is exactly the same as it was before. root> pdbedit -v -u useraa Unix username: useraa NT username: Account Flags: [U ] User SID: S-1-5-21-4240529304-4054190640-1643903753-27306 Primary Group SID: S-1-5-21-4240529304-4054190640-1643903753-1021 Full Name: Home Directory: \\server\useraa HomeDir Drive: Logon Script: Profile Path: \\server\useraa\profile Domain: NETDOM Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Fri, 13 Dec 1901 21:45:51 MET Kickoff time: Fri, 13 Dec 1901 21:45:51 MET Password last set: Thu, 03 Mar 2005 17:21:36 MET Password can change: Thu, 03 Mar 2005 17:21:36 MET Password must change: Fri, 13 Dec 1901 21:45:51 MET Last bad password : 0 Bad password count : 0 Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF root> Selecting the option "change password at next logon" is usrmgr on the w2k machine doesn't do the trick either. Does anybody have a suggestion to get this running? Or is there another way to force users once in a while to change password? (maybe some command(s) i can put in cron) All help is welcome Thanks in advance Harold
John H Terpstra
2005-Mar-04 16:49 UTC
[Samba] Unchangeable "Password must change: Fri, 13 Dec 1901 21:45:51 MET "
Harold, Are you using tdbsam as your password backend? If not, then you can not do what you are attempting to do. There is no place in the smbpasswd file to store account aging information. Please confirm that you have in the globals section of your smb.conf file: passdb backend = tdbsam If you need to migrate from smbpasswd to tdbsam, after the above has been added to the smb.conf file you can migrate the data by executing: pdbedit -i smbpasswd -e tdbsam Cheers, John T. On Friday 04 March 2005 09:37, harold.celie@bt.com wrote:> Hello Group, > > I've been reading many posts but i still don't have the answer to how to > force a password change or set a password lifetime. > > I'm using w2k clients which connect to a samba PDC version 3.0.10 on a > basic SunOS 5.8 system, no ldap or so. syncing the ux-passwords and the > smb-passwords works perfect, > but i can't get it working to force users to change passwords. > > The command that should do this is ; > pdbedit -P "maximum password age" -C 5 > I know this are seconds, but just for testing > > Running this command as root gives; > root> pdbedit -P "maximum password age" -C 5 > account policy value for maximum password age was 100 > account policy value for maximum password age is now 5 > root> > > It does change the policy; > account policy value for maximum password age is 5 > > but nothing is changed when i give the pdbedit -v command. > When i run a pdbedit after i logged in/out as a user on the w2k system, > nothing has happened > the output is exactly the same as it was before. > > root> pdbedit -v -u useraa > Unix username: useraa > NT username: > Account Flags: [U ] > User SID: S-1-5-21-4240529304-4054190640-1643903753-27306 > Primary Group SID: S-1-5-21-4240529304-4054190640-1643903753-1021 > Full Name: > Home Directory: \\server\useraa > HomeDir Drive: > Logon Script: > Profile Path: \\server\useraa\profile > Domain: NETDOM > Account desc: > Workstations: > Munged dial: > Logon time: 0 > Logoff time: Fri, 13 Dec 1901 21:45:51 MET > Kickoff time: Fri, 13 Dec 1901 21:45:51 MET > Password last set: Thu, 03 Mar 2005 17:21:36 MET > Password can change: Thu, 03 Mar 2005 17:21:36 MET > Password must change: Fri, 13 Dec 1901 21:45:51 MET > Last bad password : 0 > Bad password count : 0 > Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF > root> > > Selecting the option "change password at next logon" is usrmgr on the > w2k machine doesn't do the trick either. > > Does anybody have a suggestion to get this running? Or is there another > way to force users once in a while to change password? > (maybe some command(s) i can put in cron) > > All help is welcome > > Thanks in advance > > Harold-- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production.
Seemingly Similar Threads
- [Bug 1901] New: Wrong configure result for -Wno-unused-result and gcc-4.4
- [Bug 256] New: Expired password unchangeable again with pam support
- [Bug 256] Expired password unchangeable again with pam support
- Password must change: 0
- follow up on "[Rd] NAMESPACE & methods guidance, please" ( http://tolstoy.newcastle.edu.au/R/e4/devel/08/06/1901.html )