search for: dont_expire_password

...39;samba-tool user > setexpiry myuser --noexpiry'. > > How do I remove 'noexpiry' from the user account and let the user > follow the PSO on the group again? > > > - Kees. > > > When you set 'noexpiry' on an AD user, you are setting the 'DONT_EXPIRE_PASSWORD' flag on the users userAccountControl attribute. To turn this off, obtain the value stored in the users AD object userAccountControl attribute, subtract 65536 from that value and then replace the existing userAccountControl value with the result. Rowland

...10 machines authenticating and doing name lookups via a Windows 2008 (SP2) domain using the Solaris ldap client and self/gssapi credentials. Each machine has a machine account that is prepared via a script with the following attributes: userAccountControl: 4263936 (WORKSTATION_TRUST_ACCOUNT | DONT_EXPIRE_PASSWORD | DONT_REQ_PREAUTH) msDS-SupportedEncryptionTypes: 23 (KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96 | KERB_ENCTYPE_RC4_HMAC_MD5 | KERB_ENCTYPE_DES_CBC_MD5 | KERB_ENCTYPE_DES_CBC_CRC) We would like to install a new Samba file server and have it play nicely with this setup, using the system keytab, ideal...

Hi Team, I am using fine-grained Password Settings Objects (PSOs), set with 'samba-tool domain passwordsettings pso' to determine a.o. password expiry (max. pw. age), they are set on a group. A while ago I have set one user to never expire: 'samba-tool user setexpiry myuser --noexpiry'. How do I remove 'noexpiry' from the user account and let the user follow the PSO

On 04/09/2015 01:21 PM, Rowland Penny wrote: > On 09/04/15 18:03, John E.P. Hynes wrote: >> >> On 04/09/2015 11:31 AM, Rowland Penny wrote: >>> On 09/04/15 16:19, John E.P. Hynes wrote: >>>> Thanks Rowland, I'll check that out. >>>> >>>> The funny thing is though, this workstation is in a "test" environment >>>>

...questions are: > > 1) How do I edit these with samba-tool? > 2) How the heck did they end up "wrong" like this right out of the box? > > Any ideas appreciated. > > -John OK, my computer accounts all have this: userAccountControl: 69632 Which is made up from: 65536 DONT_EXPIRE_PASSWORD 04096 WORKSTATION_TRUST_ACCOUNT So you could try using ldbmodify on the samba DC to change this. Create an ldif file, /tmp/computer dn: CN=computername,CN=Computers,CN=Users,DC=example,DC=com changetype: modify replace: UserAccountControl UserAccountControl: 69632 Don't forget to alter the...

...** User Name                   : domain\user User SID                    : S-1-5-21-801203796-115225906-466470621- 4513 User Object DN              : CN=user##SELECTION_END##,OU=Users,DC=domain,DC=corp User Password Last Set      : 7/16/2015 3:20:41 PM UserAccountControl Value    : {NORMAL_ACCOUNT, DONT_EXPIRE_PASSWORD} Logon Authentication Method : Kerberos User Domain                 : domain.corp Computer Site               : Default-First-Site-Name Computer Role               : Client Computer Operating System   : Windows 7 Computer Domain             : domain.corp Domain Controller           : {zafprdc001.do...

Hi All, I create a Samba domain and works it's great, the issue that I have is with the GPO's.When applying GPO's then only the computer Policy is applied and not the user GPO. I keep on receiving below error. Has anybody else perhaps been experiencing the same issues? C:\>gpupdate /force Updating Policy... User policy could not be updated successfully. The following errors were

...n Info ************ User Name                   : domain\user User SID                    : S-1-5-21-801203796-115225906-466470621- 4513 User Object DN              : CN=user,OU=Users,DC=domain,DC=corp User Password Last Set      : 7/16/2015 3:20:41 PM UserAccountControl Value    : {NORMAL_ACCOUNT, DONT_EXPIRE_PASSWORD} Logon Authentication Method : Kerberos User Domain                 : domain.corp Computer Site               : Default-First-Site-Name Computer Role               : Client Computer Operating System   : Windows 7 Computer Domain             : domain.corp Domain Controller           : {zafprdc001.do...