search for: noexpiry

...g fine-grained Password Settings Objects (PSOs), set with > 'samba-tool domain passwordsettings pso' to determine a.o. password > expiry (max. pw. age), they are set on a group. > > A while ago I have set one user to never expire: 'samba-tool user > setexpiry myuser --noexpiry'. > > How do I remove 'noexpiry' from the user account and let the user > follow the PSO on the group again? > > > - Kees. > > > When you set 'noexpiry' on an AD user, you are setting the 'DONT_EXPIRE_PASSWORD' flag on the users userAcco...

Hi Team, I am using fine-grained Password Settings Objects (PSOs), set with 'samba-tool domain passwordsettings pso' to determine a.o. password expiry (max. pw. age), they are set on a group. A while ago I have set one user to never expire: 'samba-tool user setexpiry myuser --noexpiry'. How do I remove 'noexpiry' from the user account and let the user follow the PSO on the group again? - Kees.

Hi Rowland, and many thanks for fast reply, When using --noexpiry, the userAccountControl is set to 66048, which disable expiry for password as well (in MS console, "password never expires" is now checked). This means that the password expiry (let say, every 6 month) will never popup again to the user, which is in my sense a wrong behaviour. Is ther...

...am looking for the right command to achieve my goal. I would like to remove the account expiry date of an ACCOUNT with a samba-tool command (account never expires) Options of "samba-tool user setexpiry" are : --filter=FILTER LDAP Filter to set password on --days=DAYS Days to expiry --noexpiry Unfortunately, the "noexpiry" parameter just set another option which is "the PASSWORD never expires" which is related to the passord, and so serve a totally different goal. AFAIK, I cannot use the "edit" parameter since I would to do it on an non-interactive mode....

Hi Rowland and list, I allow myself to give a UP to my message in case someone has an idea. Thanks, --Oliver Le 2023-05-24 15:55, Olivier BILHAUT via samba a ?crit : > Hi Rowland, and many thanks for fast reply, > > When using --noexpiry, > the userAccountControl is set to 66048, which disable expiry for > password as well (in MS console, "password never expires" is now > checked). > > This means that the password expiry (let say, every 6 month) > will never popup again to the user, which is in my sens...

What I want is to get definiri X user had the expiration date on a date and Y user on another date, but this date I could set. The date when you arrive, you have to change this password. When I use the command samba-tool user setexpiry USER - noexpiry it change the "Password must change: Tuesday, 19 Jan 2038 01:14:07 GMT" I would like to do this, so that setting the date. Em 28-04-2016 16:15, Rowland penny escreveu: > On 28/04/16 19:49, Carlos A. P. Cunha wrote: >> >> Hello! >> I had looked at the options, and...

...d. ( and this probely dont applie to squid kerberos helpers only. )   samba-tool setup for squid i used, was as followed.   samba-tool user create squid1-service --description="Unprivileged user for SQUID1-Proxy Services" --random-password samba-tool user setexpiry squid1-service –noexpiry samba-tool spn add HTTP/proxy.internal.domain.tld squid1-service   Now this results in : My UPN was set to the username at internal.domain.tld  ( as it should ). My SPN was set to HTTP/proxyserver.internal.domain.tld at REALM ( as is should )    samba-tool spn list squid1-service squid1...

...an do this by typing the following commands Sep 3 19:27:09 homebase dhcpd: Administrator at EXAMPLE.COM Sep 3 19:27:09 homebase dhcpd: user create dhcpduser --description="Unprivileged user for DNS updates via ISC DHCP server" Sep 3 19:27:09 homebase dhcpd: user setexpiry dhcpduser --noexpiry Sep 3 19:27:09 homebase dhcpd: group addmembers DnsAdmins dhcpduser Sep 3 19:27:09 homebase dhcpd: execute: /usr/local/sbin/dhcp-dyndns.sh exit status 256 Is this what I need to do. That is create the dhcpduser? There is no 'user' command. Is this 'adduser'? > if [ -z &q...

...; What I want is to get definiri X user had the expiration date on a >> date and Y user on another date, but this date I could set. >> The date when you arrive, you have to change this password. >> >> When I use the command >> >> samba-tool user setexpiry USER - noexpiry >> >> it change the "Password must change: Tuesday, 19 Jan 2038 01:14:07 GMT" >> >> I would like to do this, so that setting the date. >> >> >> Em 28-04-2016 16:15, Rowland penny escreveu: >>> On 28/04/16 19:49, Carlos A. P. Cunha wrote:...

...hcpd: you can do this by typing the following commands Sep 3 20:35:33 homebase dhcpd: Administrator at home.htt Sep 3 20:35:33 homebase dhcpd: user create dhcpd --description="Unprivileged user for DNS updates via ISC DHCP server" Sep 3 20:35:33 homebase dhcpd: user setexpiry dhcpd --noexpiry Sep 3 20:35:33 homebase dhcpd: group addmembers DnsAdmins dhcpd Sep 3 20:35:33 homebase dhcpd: execute: /usr/local/sbin/dhcp-dyndns.sh exit status 256 So what is needed here for the user? And where is it being created? Is this in kerberos? Is there a separate kerberos daemon with sernet? S...

...by typing the following commands" # echo "kinit Administrator@${REALM}" # echo "samba-tool user create dhcpduser --random-password --description=\"Unprivileged user for DNS updates via ISC DHCP server\"" # echo "samba-tool user setexpiry dhcpduser --noexpiry" # echo "samba-tool group addmembers DnsAdmins dhcpduser" # exit 1 #else # echo "TESTUSER: ${TESTUSER}" >> /tmp/Update.txt #fi Now when an IP address expires, the dns is not update. I execute manually the script and don't work /etc/dhcp/bin/dhcp-dyndns.s...

Hi. I'm using Samba 4 on two Zentyal servers as Domain Controller and now I have to authenticate some services to it (Apache and PAM in particular). The LDAP integration asks me for a LDAP bind password, but I cannot find out where it is on Zentyal. Is there a way to check (or change it) directly on Samba 4? Or is it preferable to authenticate against Active Directory or Kerberos? Thank you

Hi, I'd like to use ldbadd with kerberos authentication using samba 4.2.3-SerNet-Debian-7.jessie, but it seems authentication is not being processed. Executing... kinit Administrator at INTERNAL.DOMAIN.TLD -k -t /etc/admin.keytab root at dc01:/# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: Administrator at INTERNAL.DOMAIN.TLD Valid starting Expires Service

...> following commands > Sep 3 19:27:09 homebase dhcpd: Administrator at EXAMPLE.COM > Sep 3 19:27:09 homebase dhcpd: user create dhcpduser > --description="Unprivileged user for DNS updates via ISC DHCP server" > Sep 3 19:27:09 homebase dhcpd: user setexpiry dhcpduser --noexpiry > Sep 3 19:27:09 homebase dhcpd: group addmembers DnsAdmins dhcpduser > Sep 3 19:27:09 homebase dhcpd: execute: > /usr/local/sbin/dhcp-dyndns.sh exit status 256 > > Is this what I need to do. That is create the dhcpduser? There is no > 'user' command. Is this 'a...

...t; read only = no fixed. > 'sysvol' is okay except it needs to be writeable. fixed as well. > You also do not set the maximum password age with pdbedit. I do, but you're saying I should not? I do in the shell script: /local/samba/bin/samba-tool user setexpiry Administrator --noexpiry -s ${SAMBACONFIG} /local/samba/bin/pdbedit -s ${SAMBACONFIG} -P "maximum password age" -C -1 While my active directories do not survive one week, I thought just to be on the safe side, I disable password aging. Is there a better way? > Yes try reading up on Samba AD more before tryin...

Hi all, I’m looking to add in a kerberos principal on my server for the AD domain. I see there are ways to do this for user(s), but I don’t see how to add a principal for hosts. In general, I’ld like to add something like the following to me 4.3.4 Domain: ktpass -princ afpserver/fqdn at REALM -mapuser mapuser at domain +rndPass -out afpserver.keytab This is for a netatalk server. I’ve never

...es are running on the Ubuntu server (samba AD/DC), no other linux box for now. 1 Windows VM has been setup on server to make AD tasks using Administrator account. Trying to use nslcd + kerberos : created a user in AD: samba-tool user add ldap My_secret_password samba-tool user setexpiry ldap --noexpiry created spn and exported keytab: samba-tool spn add nslcd/serveur.radiodjiido.nc ldap samba-tool domain exportkeytab /etc/krb5.nslcd.keytab --principal=ldap chown nslcd:root /etc/krb5.nslcd.keytab chmod 600 /etc/krb5.nslcd.keytab configured nslcd: grep ^[^#] /etc/nslcd.conf -> uid nslcd gid ns...

On Thu, 3 Sep 2015, Rowland Penny wrote: > What are the permissions on /var/lib/samba/private/dns ? Also don't forget the permissions on /var/lib/samba/private If you're using sernet's packages, you'll have to chgrp it to to named or give it o+x perms.

...ance for any hint. > > Regards OK, firstly I would create a user to use with ldb-tools instead of using Administrator: samba-tool user create admin --random-password --description="Unprivileged user for ldb-tools" Next, set user to not expire: samba-tool user setexpiry admin --noexpiry You now need to export the users keytab: samba-tool domain exportkeytab /etc/admin.keytab --principal=admin Now you have the keytab you can now run kinit and create the ticket cache: kinit -F -k -t /etc/admin.keytab -c /tmp/krb5cc_admin admin at UREALM # <--change 'UREALM' to your u...

You mean something like : Create a user for a service. samba-tool user create squid-proxy --description="Unprivileged user for SQUID-Proxy Services" --random-password Disable password expiry. samba-tool user setexpiry squid-proxy --noexpiry setting HTTP SPN on the proxy user (proxy1) samba-tool spn add HTTP/proxy1.internal.domain.tld squid-proxy samba-tool spn add HTTP/proxy1.internal.domain.tld at KERB_REALM squid-proxy And export the keytab. samba-tool domain exportkeytab --principal=HTTP/proxy1.internal.domain.tld /home/proxy1.k...