akanator
2017-Jul-06 10:20 UTC
[Samba] Domain users with expired account passwords cannot set a new one during login
I'm in the process of setting up a Samba 4 PDC on Debian 8. I've set user passwords to expire after a day for testing purposes. When a user tries to log in when his password has already expired, he only gets a short "The user account has expired." message and then gets sent back to the username/password screen, effectively locking them out. Tested with Windows 10 and Windows 7.

There seems to be a way to get an "Enter your old password and a new password twice" screen instead, but I'm having a hard time finding where to configure that. Can anyone assist?
Marco Gaiarin
2017-Jul-06 13:23 UTC
[Samba] Domain users with expired account passwords cannot set a new one during login
Hello! akanator via samba, on that day, was saying...

> I'm in the process of setting up a Samba 4 PDC on Debian 8. I've set user passwords to expire after a day for testing purposes. When a user tries to log in when his password has already expired, he only gets a short "The user account has expired." message and then gets sent back to the username/password screen, effectively locking them out. Tested with Windows 10 and Windows 7.
> There seems to be a way to get an "Enter your old password and a new password twice" screen instead, but I'm having a hard time finding where to configure that. Can anyone assist?

As far as I've understood, there are two different expirations: password and account.

Account expiration is irreversible: you set a date, and after that date the account is disabled.

Password expiration instead seems to be what you are speaking about: if the password expires, you are asked to change the password at logon.

Account expiration is set as a date in AD data; password expiration is set in policy (or GPO) as 'number of days after the last password change'.

--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797

Donate your 5 PER MILLE to LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(tax code 00307430132, category ONLUS or RICERCA SANITARIA)
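Added example, not part of the thread: a Python check that separates the two expirations described in the reply above, given a user's directory values. It assumes the standard AD attributes `accountExpires`, `pwdLastSet`, `maxPwdAge` and `userAccountControl`, which the thread does not name; the helper names and sample users are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
NEVER = (0, 0x7FFFFFFFFFFFFFFF)   # accountExpires values meaning "no expiry date"
DONT_EXPIRE_PASSWD = 0x10000      # userAccountControl flag


def filetime_to_dt(ft):
    """Convert 100-ns ticks since 1601-01-01 UTC to a datetime."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10)


def dt_to_filetime(dt):
    """Inverse of filetime_to_dt, at one-second resolution."""
    return int((dt - EPOCH_1601).total_seconds()) * 10_000_000


def logon_state(account_expires, pwd_last_set, max_pwd_age, uac, now):
    """Return 'account_expired', 'password_expired' or 'ok'."""
    # Account expiry is a fixed date stored on the user object.
    if account_expires not in NEVER and filetime_to_dt(account_expires) <= now:
        return "account_expired"
    # pwdLastSet == 0 means "must change password at next logon".
    if pwd_last_set == 0:
        return "password_expired"
    # Password expiry is policy: maxPwdAge is a negative 100-ns interval.
    if uac & DONT_EXPIRE_PASSWD or max_pwd_age in (0, -0x8000000000000000):
        return "ok"
    max_age = timedelta(microseconds=-max_pwd_age // 10)
    if filetime_to_dt(pwd_last_set) + max_age <= now:
        return "password_expired"
    return "ok"


def demo():
    """Classify three constructed users under a one-day maxPwdAge."""
    now = datetime(2017, 7, 6, 10, 20, tzinfo=timezone.utc)
    one_day = -864_000_000_000    # maxPwdAge for one day
    old = dt_to_filetime(now - timedelta(days=2))
    fresh = dt_to_filetime(now - timedelta(hours=2))
    past = dt_to_filetime(now - timedelta(hours=1))
    return {
        "alice": logon_state(past, old, one_day, 0x200, now),
        "bob": logon_state(0, old, one_day, 0x200, now),
        "carol": logon_state(NEVER[1], fresh, one_day, 0x200, now),
    }


if __name__ == "__main__":
    print(demo())
```
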