search for: noexpiri

On Thu, 21 Mar 2024 19:50:17 +0100 Kees van Vloten via samba <samba at lists.samba.org> wrote: > Hi Team, > > > I am using fine-grained Password Settings Objects (PSOs), set with > 'samba-tool domain passwordsettings pso' to determine a.o. password > expiry (max. pw. age), they are set on a group. > > A while ago I have set one user to never expire:

Hi Team, I am using fine-grained Password Settings Objects (PSOs), set with 'samba-tool domain passwordsettings pso' to determine a.o. password expiry (max. pw. age), they are set on a group. A while ago I have set one user to never expire: 'samba-tool user setexpiry myuser --noexpiry'. How do I remove 'noexpiry' from the user account and let the user follow the PSO

Hi Rowland, and many thanks for fast reply, When using --noexpiry, the userAccountControl is set to 66048, which disable expiry for password as well (in MS console, "password never expires" is now checked). This means that the password expiry (let say, every 6 month) will never popup again to the user, which is in my sense a wrong behaviour. Is there a way to change ONLY

Hi list :) I am looking for the right command to achieve my goal. I would like to remove the account expiry date of an ACCOUNT with a samba-tool command (account never expires) Options of "samba-tool user setexpiry" are : --filter=FILTER LDAP Filter to set password on --days=DAYS Days to expiry --noexpiry Unfortunately, the "noexpiry" parameter just set another option

Hi Rowland and list, I allow myself to give a UP to my message in case someone has an idea. Thanks, --Oliver Le 2023-05-24 15:55, Olivier BILHAUT via samba a ?crit : > Hi Rowland, and many thanks for fast reply, > > When using --noexpiry, > the userAccountControl is set to 66048, which disable expiry for > password as well (in MS console, "password never

What I want is to get definiri X user had the expiration date on a date and Y user on another date, but this date I could set. The date when you arrive, you have to change this password. When I use the command samba-tool user setexpiry USER - noexpiry it change the "Password must change: Tuesday, 19 Jan 2038 01:14:07 GMT" I would like to do this, so that setting the date. Em

Hai   After my squid group adventure, i have a remaining question here.   The problem was as followed. ( and this probely dont applie to squid kerberos helpers only. )   samba-tool setup for squid i used, was as followed.   samba-tool user create squid1-service --description="Unprivileged user for SQUID1-Proxy Services" --random-password samba-tool user setexpiry

First I am having a couple challenges with your script here: On 09/03/2015 02:43 PM, Rowland Penny wrote: > > I thought that might be your next question, I wrote it, based on what > I found here: > > http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/ > > > #!/bin/bash > > # /usr/local/sbin/dhcp-dyndns.sh > #

Sorry but I do not understand .... :-O Em 28-04-2016 16:55, Rowland penny escreveu: > On 28/04/16 20:30, Carlos A. P. Cunha wrote: >> >> What I want is to get definiri X user had the expiration date on a >> date and Y user on another date, but this date I could set. >> The date when you arrive, you have to change this password. >> >> When I use the command

This will be it for tonight... Sep 3 20:35:30 homebase dhcpd: DHCPDISCOVER from 02:97:09:02:23:a2 (cubieboard2) via eth0 Sep 3 20:35:31 homebase dhcpd: DHCPOFFER on 192.168.192.21 to 02:97:09:02:23:a2 (cubieboard2) via eth0 Sep 3 20:35:31 homebase dhcpd: /usr/local/sbin/dhcp-dyndns.sh: line 17: /var/log/dyndns.log: Permission denied Sep 3 20:35:31 homebase dhcpd:

Hi Rowland, I resolve the problem partially. The problem was due to the fact that I do not have winbind installed because Samba 4, Bind9 and isc-dhcp-server are on the same server. I commented on these lines in the script dhcp-dyndns.sh and it worked (on commit and on release but not on expiry ) #TESTUSER=$(wbinfo -u | grep dhcpduser) #if [ -z "${TESTUSER}" ]; then # echo "No

Hi. I'm using Samba 4 on two Zentyal servers as Domain Controller and now I have to authenticate some services to it (Apache and PAM in particular). The LDAP integration asks me for a LDAP bind password, but I cannot find out where it is on Zentyal. Is there a way to check (or change it) directly on Samba 4? Or is it preferable to authenticate against Active Directory or Kerberos? Thank you

Hi, I'd like to use ldbadd with kerberos authentication using samba 4.2.3-SerNet-Debian-7.jessie, but it seems authentication is not being processed. Executing... kinit Administrator at INTERNAL.DOMAIN.TLD -k -t /etc/admin.keytab root at dc01:/# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: Administrator at INTERNAL.DOMAIN.TLD Valid starting Expires Service

I am reading through the script and see some things I did not change... Will do that and try again. As well as create the log file manually. On 09/03/2015 07:47 PM, Robert Moskowitz wrote: > First I am having a couple challenges with your script here: > > On 09/03/2015 02:43 PM, Rowland Penny wrote: >> >> I thought that might be your next question, I wrote it, based on what

Hello Rowland, > These shouldn't be set or are defaults: > name resolve order = host > passdb backend = tdbsam > security = user > domain logons = yes > log level = 3 > os level = 64 > preferred master = yes > local master = yes > domain master = yes > tls keyfile = key.pem > tls certfile = cert.pem > tls cafile = ca.pem I kicked these out. I found

Hi all, I’m looking to add in a kerberos principal on my server for the AD domain. I see there are ways to do this for user(s), but I don’t see how to add a principal for hosts. In general, I’ld like to add something like the following to me 4.3.4 Domain: ktpass -princ afpserver/fqdn at REALM -mapuser mapuser at domain +rndPass -out afpserver.keytab This is for a netatalk server. I’ve never

Hi all, Well, I'm completely lost with AD authentification ... server is : Ubuntu 12.04.3 3.8.0-32-generic #47~precise1-Ubuntu Samba 4.0.10 installed (and upgraded) via git, setup as unique Active Directory Domain Controller ( -> how to upgrade to 4.1 via git ?? ) I 'just' would like that the local services (let's say only dovecot and postfix) can query AD to authentifiate

On Thu, 3 Sep 2015, Rowland Penny wrote: > What are the permissions on /var/lib/samba/private/dns ? Also don't forget the permissions on /var/lib/samba/private If you're using sernet's packages, you'll have to chgrp it to to named or give it o+x perms.

On 01/09/15 21:59, Quirin Maier wrote: > Hi, > > I'd like to use ldbadd with kerberos authentication using samba > 4.2.3-SerNet-Debian-7.jessie, but it seems authentication is not being > processed. Executing... > > kinit Administrator at INTERNAL.DOMAIN.TLD -k -t /etc/admin.keytab > > root at dc01:/# klist > Ticket cache: FILE:/tmp/krb5cc_0 > Default

You mean something like : Create a user for a service. samba-tool user create squid-proxy --description="Unprivileged user for SQUID-Proxy Services" --random-password Disable password expiry. samba-tool user setexpiry squid-proxy --noexpiry setting HTTP SPN on the proxy user (proxy1) samba-tool spn add HTTP/proxy1.internal.domain.tld squid-proxy samba-tool spn add