Boaz Bezborodko
2007-Mar-16 15:11 UTC
[Samba] Can't change password change dates with PDBEDIT
I'm setting up a Samba server using CentOS 4's (RedHat Enterprise Linux) standard version (v.3.0101411). I want to be able to force users to change their password upon first logging in and to have to change them after a certain period of time (per user, not system-wide). The problem is that the pdbedit commands don't seem to be registering at all in the database. If I enter the following command: pdbedit --pwd-must-change-time="2010-01-01" --time-format="%Y-%m-%d" I still get: Password last set: Fri, 16 Mar 2007 10:02:06 GMT Password can change: Fri, 16 Mar 2007 10:02:06 GMT Password must change: Mon, 18 Jan 2038 22:14:07 GMT How do I control login times? (I'm moving from a Novel Netware server where these kind of administration tasks were very easy. I'm disappointed that it is taking me so long to get this done.) Boaz
Felipe Augusto van de Wiel
2007-Mar-19 13:32 UTC
[Samba] Can't change password change dates with PDBEDIT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Boaz, I'm using LDAP as a backend so YMMV. On 03/16/2007 12:10 PM, Boaz Bezborodko wrote:> I'm setting up a Samba server using CentOS 4's (RedHat > Enterprise Linux) standard version (v.3.0101411). IHmmm, you should upgrade your samba version. Not sure if it will solve your problem, but I'm using 3.0.24 and the information of this message is based on this version. Anyway, 3.0.14 and 3.0.2x has lots of improvements and fixes that are worthwhile.> want to be able to force users to change their password > upon first logging in and to have to change them after > a certain period of time (per user, not system-wide). > > The problem is that the pdbedit commands don't seem to > be registering at all in the database. If I enter the > following command: > pdbedit --pwd-must-change-time="2010-01-01" --time-format="%Y-%m-%d"Not sure if it is a bug in pdbedit, but there is an unusual behaviour of samba with regards to passwd fields, here is a message where I explain the behaviour: http://lists.samba.org/archive/samba/2007-February/129890.html> I still get: > Password last set: Fri, 16 Mar 2007 10:02:06 GMT > Password can change: Fri, 16 Mar 2007 10:02:06 GMT > Password must change: Mon, 18 Jan 2038 22:14:07 GMT > > How do I control login times?Basically, even when changing it per-user, you need to respect that global policy to get things working as expected. I've been adding users and doind the pwd dance for a few months now, and everything is working fine. Kind regards, - -- Felipe Augusto van de Wiel <felipe@paranacidade.org.br> Coordenadoria de Tecnologia da Informa??o (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF/pDICj65ZxU4gPQRArnbAJ4ogQBBs6p5aRVpE/L4nzt7860pkgCgnMJJ 0+mBiGOwm/3B0O69iFhGwsM=86gH -----END PGP SIGNATURE-----
Boaz Bezborodko
2007-Mar-19 20:44 UTC
[Samba] Can't change password change dates with PDBEDIT
Felipe Augusto van de Wiel wrote:> Hi Boaz, >Thanks for the reply, Felipe.> I'm using LDAP as a backend so YMMV. >I've been thinking about using LDAP, but I don't have a very large installation (maybe 15 computers) so I wanted to avoid getting overly complicated. But it seems that tdbSAM is not much better as it is very difficult to get good information on how to get things done.>> On 03/16/2007 12:10 PM, Boaz Bezborodko wrote: >> I'm setting up a Samba server using CentOS 4's (RedHat >> Enterprise Linux) standard version (v.3.0101411). I > > Hmmm, you should upgrade your samba version. Not sure > if it will solve your problem, but I'm using 3.0.24 and the > information of this message is based on this version. Anyway, > 3.0.14 and 3.0.2x has lots of improvements and fixes that are > worthwhile. >I was sticking with the official RedHat release if only because previous advice was that I should probably stick with it unless I specifically needed new features as it was likely the most stable version with this OS. I did not anticipate that what seem like basic operations would be so difficult to apply. Is this a version thing? I would think that adjusting dates in a database would be an easy thing to do.> >> want to be able to force users to change their password >> upon first logging in and to have to change them after >> a certain period of time (per user, not system-wide). > >> The problem is that the pdbedit commands don't seem to >> be registering at all in the database. If I enter the >> following command: >> pdbedit --pwd-must-change-time="2010-01-01" --time-format="%Y-%m-%d" > > Not sure if it is a bug in pdbedit, but there is an > unusual behaviour of samba with regards to passwd fields, > here is a message where I explain the behaviour: > > http://lists.samba.org/archive/samba/2007-February/129890.html >I'll try this out. Thanks for the assistance. Boaz
Felipe Augusto van de Wiel wrote:> Hi Boaz, > > I'm using LDAP as a backend so YMMV. > > > On 03/16/2007 12:10 PM, Boaz Bezborodko wrote: >> I'm setting up a Samba server using CentOS 4's (RedHat >> Enterprise Linux) standard version (v.3.0101411). I > > Hmmm, you should upgrade your samba version. Not sure > if it will solve your problem, but I'm using 3.0.24 and the > information of this message is based on this version. Anyway, > 3.0.14 and 3.0.2x has lots of improvements and fixes that are > worthwhile. > > >> want to be able to force users to change their password >> upon first logging in and to have to change them after >> a certain period of time (per user, not system-wide). >OK, for those who may have found this on a search I found that the easiest way to do this was to use the NT4 User Manager tool to set the flag that forces the user to change password at the next login. Just search for SRVTOOLS.EXE, download them and execute the file in the directory in which you want them to be installed. Boaz
Maybe Matching Threads
- Logon scripts not working on all users
- Newbie looking to move from Netware to Linux/Samba
- Do I need Winbind?
- Opening "Printers" causes incoming packets from different ports
- [LLVMdev] [cfe-dev] SPIR provisional specification is now available in the Khronos website