Philippe LeCavalier
2022-Jun-09 21:24 UTC
[Samba] Password Expiration setting and manually adjusting the date
Just bringing this back to the surface. On Wed, Jun 8, 2022 at 3:10 PM Philippe LeCavalier <support at plecavalier.com> wrote:> On Wed, Jun 8, 2022 at 4:36 AM L. van Belle via samba < > samba at lists.samba.org> wrote: > >> I suggest, increase the debug level, see that happening when users change >> a >> password. >> And tell us which samba version and OS your using, add the content of >> smb.conf >> >> That's pretty important. > > I was asking if it is expected behaviour. I suppose I could interpret you > asking for this information as confirmation that it is not expected... > >> >> >> This one might help out. >> sudo samba-tool domain passwordsettings >> > plecavalier# samba-tool domain passwordsettings show > Password information for domain 'DC=intranet,DC=domain,DC=ca' > Password complexity: on > Store plaintext passwords: off > Password history length: 24 > Minimum password length: 6 > Minimum password age (days): 0 > Maximum password age (days): 0 > Account lockout duration (mins): 30 > Account lockout threshold (attempts): 0 > Reset account lockout after (mins): 15 > > plecavalier# uname -ar > Linux piwc11 5.10.0-13-amd64 #1 SMP Debian 5.10.106-1 (2022-03-17) x86_64 > GNU/Linux > > plecavalier# dpkg -l | grep samba > ii python3-samba 2:4.13.13+dfsg-1~deb11u3 amd64 > Python 3 bindings for Samba > ii samba 2:4.13.13+dfsg-1~deb11u3 amd64 > SMB/CIFS file, print, and login server for Unix > ii samba-common 2:4.13.13+dfsg-1~deb11u3 all > common files used by both the Samba server and client > ii samba-common-bin 2:4.13.13+dfsg-1~deb11u3 amd64 > Samba common files used by both the server and the client > ii samba-dsdb-modules:amd64 2:4.13.13+dfsg-1~deb11u3 amd64 > Samba Directory Services Database > ii samba-libs:amd64 2:4.13.13+dfsg-1~deb11u3 amd64 > Samba core libraries > ii samba-vfs-modules:amd64 2:4.13.13+dfsg-1~deb11u3 amd64 > Samba Virtual FileSystem plugins > plecavalier# dpkg -l | grep winbind > ii libnss-winbind:amd64 2:4.13.13+dfsg-1~deb11u3 amd64 > Samba nameservice integration plugins > ii libpam-winbind:amd64 2:4.13.13+dfsg-1~deb11u3 amd64 > Windows domain authentication integration plugin > ii libwbclient0:amd64 2:4.13.13+dfsg-1~deb11u3 amd64 > Samba winbind client library > ii winbind 2:4.13.13+dfsg-1~deb11u3 amd64 > service to resolve user and group information from Windows NT servers > > plecavalier# cat /etc/samba/smb.conf > # Global parameters > [global] > workgroup = INTRANET > realm = INTRANET.DOMAIN.CA > netbios name = DC11 > server role = active directory domain controller > dns forwarder = 8.8.8.8 > idmap_ldb:use rfc2307 = yes > bind interfaces only = yes > > [netlogon] > path = /var/lib/samba/sysvol/intranet.domain.ca/scripts > read only = No > > [sysvol] > path = /var/lib/samba/sysvol > read only = No > > [profiles] > path = /data/profiles > read only = no > >> >> Greetz, >> >> Louis >> >> >> > -----Oorspronkelijk bericht----- >> > Van: samba <samba-bounces at lists.samba.org> Namens Philippe LeCavalier >> > via samba >> > Verzonden: woensdag 8 juni 2022 03:05 >> > Aan: samba <samba at lists.samba.org> >> > Onderwerp: Re: [Samba] Password Expiration setting and manually >> adjusting >> > the date >> > >> > On Tue, Jun 7, 2022 at 10:21 AM Philippe LeCavalier >> > <support at plecavalier.com> >> > wrote: >> > >> > > Hi, >> > > Does anyone have experience with having a password expiration (say 60 >> > > days) and manually adjusting a user's expiration date? >> > > >> > > I've got several domains all of which have a 90 day expiration in >> ad-dc. >> > > Frequently, users forget to change it and get locked out. I find that >> > > when I postpone the expiration by adjusting the date (either in RSAT >> > > or CLI - whichever is most handy at the time) when the user changes >> > > the password the expiration doesn't change from the one I set. So if I >> > > give the user 3 days to change it and they change it the next day, the >> > > user still gets locked out on the third day yet I would expect it to >> > > not expire until the 90th day from the day it was changed. >> > > >> > > Is this normal behaviour and if it is, what is the expected method for >> > > dealing with a user with an expired account? If it isn't, what do I >> > > need to look at to rectify this? >> > > Thanks, Phil >> > > >> > Anyone experienced this? >> > -- >> > To unsubscribe from this list go to the following URL and read the >> > instructions: https://lists.samba.org/mailman/options/samba >> >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> >
Zombie Ryushu
2022-Jun-09 23:47 UTC
[Samba] dhcp-dyndns.sh dhcp is running as the wrong user
I don't understand why it is trying to kinit as Administrator. TTY=pts/0 ; PWD=/home/masterz ; USER=root ; COMMAND=/usr/bin/kinit -F -k -t /etc/dhcpduser.keytab Administrator at PUKEY
Rowland Penny
2022-Jun-10 07:16 UTC
[Samba] Password Expiration setting and manually adjusting the date
On Thu, 2022-06-09 at 17:24 -0400, Philippe LeCavalier via samba wrote:> Just bringing this back to the surface. >I have reread this thread and I think this is normal :-) Your user gets locked out because their password has expired. You unlock the user and set their password expiration to three days. Your user changes the password but this does not effect the expiry. After three days they get locked out again. Rinse and repeat :-) You are going about this the wrong way, you need to remind them that their password will expire before it does. Rowland