Hubert Choma
2008-Apr-02 13:21 UTC
[Samba] tdbsam allow users to change password without notice!!!
I use tdbsam . I use pdbedit -P "password hisotry" -C 3 pdbedit -P "min password length" -C 5 -P "maximum password age" -C 7776000 (90 days) -P "minimum password age" -C 6912000 (80 days) -P "user must logon to change password" -C 2 (on) So my passwords need to be changed every 90 days and user can change it after 80 days . I use this policies 6months and everything was ok. Windows xp users after logon was informed that they must chang password for xx days and they can change it after 80 days. But after changing time from winter to summer pdbedit work very strange!! Today I have discover terrible thing. pdbedit -Lv show me that every user changed password but windows doesn't show any notice about password change !!! The worst think is that password history doesn't worked and allow all users to write down the same password!! Nobody even know that change his own password because windows doesnt' show any notice, any window !!! They normally login as everyday do but pdbedit "changed password last set" entry to today date !!! Pdbedit -Lv shows that password was set eg today and next time they can change passord for 80 days!!!! But password is the same !!! PLEASE HELP!!! What should I do to force samba and pdbedit to change passwords correct and force to admonish password history !!!?? Unix username: fujitsu NT username: Account Flags: [U ] User SID: S-1-5-21-2794518228-724393910-221713885-2114 Primary Group SID: S-1-5-21-2794518228-724393910-221713885-513 Logon time: 0 Logoff time: never Kickoff time: 0 Password last set: ?r, 02 IV 2008 12:52:38 CEST Password can change: So, 21 VI 2008 12:52:38 CEST Password must change: Wt, 01 VII 2008 12:52:38 CEST Last bad password : 0 Bad password count : 0 Logon hours : 000000807F00807F00807F00807F00807F00000000 My smb.conf [global] workgroup = geodezja server string = Samba Server %v interfaces = eth2 lo 10.10.10.1 bind interfaces only = Yes ; encrypt passwords = Yes update encrypted = Yes ; client plaintext auth = Yes log level = 2 vfs:3 auth:2 passdb:3 log file = /var/log/samba/%U.%m.log ; max log size = 5000 socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 # DRUKOWANIE printer admin = root,@domadm load printers = yes printing = cups cups options = raw logon script = %G.CMD logon path logon home domain logons = yes os level = 128 preferred master = yes domain master = yes ; local master = yes remote browse sync = none remote announce = none dns proxy = No wins support = yes name resolve order = wins bcast host lmhosts hosts allow = 10.10.10.1/255.255.255.0 ; unix password sync = no security = user ; password level = 0 ; null passwords = no ; deadtime = 0 ; map to guest = never create mask = 0777 nt acl support = no time server = yes ; enable privileges = yes passdb backend = tdbsam username map = /etc/samba/smbusers ---------------------------------------------------- Cracow Screen Festival (CSF) Krak?w, 2-4 maja 2008 Koncerty oraz sztuka videografii w przestrzeni miejskiej! Bryan Ferry, Underworld, The Raveonettes, Mattafix http://klik.wp.pl/?adr=http%3A%2F%2Fcorto.www.wp.pl%2Fas%2Fkrakow_festiwal.html&sid=296