search for: sambaminpwdlength

...me=* # requesting: ALL # dn: sambaDomainName=suntech,dc=suntech objectClass: sambaDomain objectClass: sambaUnixIdPool sambaDomainName: suntech sambaSID: S-1-5-21-3936576374-1604348213-1812465911 sambaPwdHistoryLength: 0 sambaLockoutThreshold: 0 gidNumber: 10034 sambaMaxPwdAge: -1 sambaMinPwdAge: 0 sambaMinPwdLength: 5 sambaLogonToChgPwd: 0 sambaForceLogoff: -1 uidNumber: 10002 sambaNextRid: 10038 # server02, suntech dn: sambaDomainName=server02,dc=suntech sambaDomainName: server02 sambaSID: S-1-5-21-2631908330-1812305667-41686038 sambaAlgorithmicRidBase: 1000 objectClass: sambaDomain sambaNextUserRid: 1000 s...

...and openldap and wipe out the bdb files 3) install the newer versions 4) slapadd to the new openldap server This seems to work in my test lab. During my tests I also built a new domain afresh and realized that the sambaDomainName ldap entry has some attributes that are not in my production server: sambaMinPwdLength, sambaLogonToChgPwd, sambaLockoutDuration, sambaLockoutObservationWindow, sambaLockoutThreshold, sambaForceLogoff. Do I have to add these attributes to my ldif file before slapadd? More generally, do I have to add some attributes to my ldap entries? Regards, Thierry

...e newer versions >> 4) slapadd to the new openldap server >> >> This seems to work in my test lab. >> During my tests I also built a new domain afresh and realized that the >> sambaDomainName ldap entry has some attributes that are not in my >> production server: sambaMinPwdLength, sambaLogonToChgPwd, >> sambaLockoutDuration, >> sambaLockoutObservationWindow, sambaLockoutThreshold, sambaForceLogoff. >> >> Do I have to add these attributes to my ldif file before slapadd? >> More generally, do I have to add some attributes to my ldap entries? &...

...3.0.27a i realized that when using the usrmgr.exe, the password preferences in policies -> accounts didn't got saved - only the password-length option got saved. After doing some research, i managed to solve this by adding the following LDAP attributes to the access rules in slapd.conf: sambaMinPwdLength sambaPwdHistoryLength sambaLogonToChgPwd sambaMaxPwdAge sambaMinPwdAge sambaLockoutDuration sambaLockoutObservationWindow sambaLockoutThreshold sambaForceLogoff sambaRefuseMachinePwdChange But one problem still exists: If Windows-users change their password via the normal Windows dialog, the pas...

...my_domain.com dn: sambaDomainName=///samba_server_name,d/c=my_domain,dc=com// // sambaDomainName: ///samba_server_name/// sambaSID: S-1-5-21-1471793353-708426617-xxxxxyyyyzzzz// // sambaAlgorithmicRidBase: 1000// // objectClass: sambaDomain// // sambaNextUserRid: 1000// // sambaMinPwdLength: 5// // sambaPwdHistoryLength: 0// // sambaLogonToChgPwd: 0// // sambaMaxPwdAge: -1// // sambaMinPwdAge: 0// // sambaLockoutDuration: 30// // sambaLockoutObservationWindow: 30// // sambaLockoutThreshold: 0// // sambaForceLogoff: -1// // sambaRefuseMachinePwdChange: 0/ #...

...xx -W -LLL '(sambaDomainName=EVAN)' Enter LDAP Password: dn: sambaDomainName=EVAN,dc=xxx,dc=xxx,dc=xx objectClass: sambaDomain objectClass: sambaUnixIdPool sambaDomainName: EVAN sambaSID: S-1-5-21-1042031166-387543594-2118856591 sambaMinPwdAge: 0 sambaMaxPwdAge: -1 sambaLockoutThreshold: 0 sambaMinPwdLength: 5 sambaLogonToChgPwd: 0 sambaForceLogoff: -1 sambaLockoutDuration: 30 sambaLockoutObservationWindow: 30 sambaRefuseMachinePwdChange: 0 sambaPwdHistoryLength: 0 gidNumber: 3616 sambaNextRid: 1183 uidNumber: 12704 Thank you! Best, Alex

...suggestions and cleaned up the smb.conf. Also added the unixidpool ldif dn: sambaDomainName=mydomain,dc=mydomain sambaDomainName: mydomain sambaSID: S-1-5-21-3936576374-1604348213-1812434911 sambaAlgorithmicRidBase: 1000 objectClass: sambaDomain objectClass: sambaUnixIdPool sambaNextUserRid: 1000 sambaMinPwdLength: 5 sambaPwdHistoryLength: 0 sambaLogonToChgPwd: 0 sambaMaxPwdAge: -1 sambaMinPwdAge: 0 sambaLockoutDuration: 30 sambaLockoutObservationWindow: 30 sambaLockoutThreshold: 0 sambaForceLogoff: -1 sambaRefuseMachinePwdChange: 0 sambaNextRid: 1001 uidNumber: 10000 gidNumber: 10000 When I tried to add a...

...nt policy value for min password length was 7 account_policy_set: min password length:7 account policy value for min password length is now 7 I'm guessing it's taking these values from /var/lib/samba/account_policy.tdb, it's not taking them from ldap - because it doesn't change sambaMinPwdLength I can see a search happening in the ldap logs, but I don't see any updates - is this expected behaviour? I believe I need to run the following command to update LDAP? pdbedit -y -i tdbsam -e ldapsam -d 10 However, when I do this, I get the following error message (more of log attached - but...

...ch user in my LDAP database: sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaPwdMustChange: 2147483647 sambaPwdLastSet: 1406347540 Also, I have sambaDomainName=WORKGROUP with entries like the following: sambaMinPwdAge: 0 sambaPwdHistoryLength: 0 sambaMinPwdLength: 6 sambaLogonToChgPwd: 2 sambaLockoutDuration: 1 sambaMaxPwdAge: 7776000 sambaLockoutObservationWindow: 1 sambaLockoutThreshold: 5 With these settings pdbedit shows the following output: # pdbedit -u USERNAME -v Unix username: USERNAME NT username: USERNAME Account Flags: [U...

...; added the unixidpool ldif > > dn: sambaDomainName=mydomain,dc=mydomain > sambaDomainName: mydomain > sambaSID: S-1-5-21-3936576374-1604348213-1812434911 > sambaAlgorithmicRidBase: 1000 > objectClass: sambaDomain > objectClass: sambaUnixIdPool > sambaNextUserRid: 1000 > sambaMinPwdLength: 5 > sambaPwdHistoryLength: 0 > sambaLogonToChgPwd: 0 > sambaMaxPwdAge: -1 > sambaMinPwdAge: 0 > sambaLockoutDuration: 30 > sambaLockoutObservationWindow: 30 > sambaLockoutThreshold: 0 > sambaForceLogoff: -1 > sambaRefuseMachinePwdChange: 0 > sambaNextRid: 1001 > ui...

...20110608145736Z#000006#00#000000 modifiersName: cn=admin,dc=server,dc=nas modifyTimestamp: 20110608145736Z dn: sambaDomainName=DSS,dc=server,dc=nas sambaDomainName: DSS sambaSID: S-1-5-21-2206515185-2896615622-3143254707 sambaAlgorithmicRidBase: 1000 objectClass: sambaDomain sambaNextUserRid: 1000 sambaMinPwdLength: 5 sambaPwdHistoryLength: 0 sambaLogonToChgPwd: 0 sambaMaxPwdAge: -1 sambaMinPwdAge: 0 sambaLockoutDuration: 30 sambaLockoutObservationWindow: 30 sambaLockoutThreshold: 0 sambaForceLogoff: -1 sambaRefuseMachinePwdChange: 0 structuralObjectClass: sambaDomain entryUUID: 6470ac16-262b-1030-84d9-1370b5...

After moving from Redhat AS4 to RHEL 5.5 we started noticing these error messages in the messages log. Upgrade procedure was to build new machine with updated OS, install new samba, duplicate existing ldap server connections, and then shutdown the old box and put new one in place. Messages were not seen on AS4 box and smb.conf file is identical on new box. I am wondering if there was a change

...objectClass: organizationalUnit structuralObjectClass: organizationalUnit dn: sambaDomainName=DOMINIO,ou=Dominios,dc=dominio,dc=com,dc=br objectClass: sambaDomain sambaAlgorithmicRidBase: 1000 sambaSID: S-1-5-21-874179082-3571801642-3889913597 sambaDomainName: DOMINIO sambaMinPwdLength: 4 sambaLogonToChgPwd: 2 sambaForceLogoff: 0 sambaRefuseMachinePwdChange: 1 structuralObjectClass: sambaDomain Deleting the former (the one that was not inside the 'ou=Dominios') solved the problem. Now, the 'net getlocalsid' gives me the SID for my domain correct...

...ClearTextPassword sambaDomainName sambaForceLogoff sambaGroupType sambaHomeDrive sambaKickoffTime sambaLMPassword sambaLockoutDuration sambaLockoutObservationWindow sambaLockoutThreshold sambaLogoffTime sambaLogonHours sambaLogonScript sambaLogonTime sambaLogonToChgPwd sambaMaxPwdAge sambaMinPwdAge sambaMinPwdLength sambaNextRid sambaNextUserRid sambaNTPassword sambaPasswordHistory sambaPreviousClearTextPassword sambaPrimaryGroupSID sambaProfilePath sambaPwdCanChange sambaPwdHistoryLength sambaPwdLastSet sambaPwdMustChange sambaRefuseMachinePwdChange sambaSID shadowExpire shadowInactive shadowLastChange shadow...

Hi, I just upgraded one of our samba BDC's (with LDAP back end on solaris 10) from 3.0.23c to 3.0.26a and can no longer mount shares. The error message I'm seeing in the samba logs is [2007/11/15 14:15:26, 1] auth/auth_sam.c:sam_account_ok(172) sam_account_ok: Account for user 'dbb' password must change!. [2007/11/15 14:15:26, 3]

...c=ve,dc=xxxx sambaDomainName: C1.VE sambaSID: S-1-5-21-1230964018-1252349843-1944742870 sambaAlgorithmicRidBase: 1000 objectClass: sambaDomain sambaNextUserRid: 1000 sambaRefuseMachinePwdChange: 0 sambaNextRid: 1002 sambaLockoutDuration: -1 sambaLockoutObservationWindow: 30 sambaLockoutThreshold: 3 sambaMinPwdLength: 5 sambaPwdHistoryLength: 5 sambaLogonToChgPwd: 0 sambaMaxPwdAge: 7776000 sambaMinPwdAge: 0 sambaForceLogoff: -1 dn: cn=domusers,ou=group,dc=c1,c=ve,dc=xxxx objectClass: posixGroup objectClass: sambaGroupMapping cn: domusers displayName: Domain Users gidNumber: 10000 sambaSID: S-1-5-21-1230964018-...

...L,dc=example,dc=com objectClass: top objectClass: sambaDomain objectClass: sambaUnixIdPool sambaDomainName: LDNSPL sambaSID: S-1-5-21-1979685110-1467996072-351907979 gidNumber: 1000 sambaPwdHistoryLength: 0 sambaMaxPwdAge: -1 sambaMinPwdAge: 0 sambaLockoutThreshold: 0 sambaRefuseMachinePwdChange: 0 sambaMinPwdLength: 5 sambaLogonToChgPwd: 0 sambaNextRid: 1001 sambaForceLogoff: -1 uidNumber: 1116 The same query with cn=djohn returns nothing: ... # filter: cn=djohn # requesting: ALL # # search result search: 2 result: 0 Success So some parts of my configuration look to be working but something is not right...

Yes please for the notes. I re-ran the tests without the smbldap-tools. I installed phpldapadmin and am able to login to the apache page using the cn=admin, dn=mydomain and create entries. This kind of tells me that LDAP is working Then I run the pdbedit -Lv and it lists all the users. The following happens when I add the LDAP bits to smb.conf and restart samba.The issue seems to be with samba

...t;> sambaDomainName: MYDOMAIN >> sambaSID: S-1-5-21-3936576374-1604338294-181246221 >> sambaAlgorithmicRidBase: 1000 >> objectClass: sambaDomain > I prefer to add here an auxiliary objectclass: sambaUnixIdPool > More later on > >> sambaNextUserRid: 1000 >> sambaMinPwdLength: 5 >> sambaPwdHistoryLength: 0 >> sambaLogonToChgPwd: 0 >> sambaMaxPwdAge: -1 >> sambaMinPwdAge: 0 >> sambaLockoutDuration: 30 >> sambaLockoutObservationWindow: 30 >> sambaLockoutThreshold: 0 >> sambaForceLogoff: -1 >> sambaRefuseMachinePwdChang...

...name validation for SSL/TLS hosts. > sambaDomainName: MYDOMAIN > sambaSID: S-1-5-21-3936576374-1604338294-181246221 > sambaAlgorithmicRidBase: 1000 > objectClass: sambaDomain I prefer to add here an auxiliary objectclass: sambaUnixIdPool More later on > sambaNextUserRid: 1000 > sambaMinPwdLength: 5 > sambaPwdHistoryLength: 0 > sambaLogonToChgPwd: 0 > sambaMaxPwdAge: -1 > sambaMinPwdAge: 0 > sambaLockoutDuration: 30 > sambaLockoutObservationWindow: 30 > sambaLockoutThreshold: 0 > sambaForceLogoff: -1 > sambaRefuseMachinePwdChange: 0 > sambaNextRid: 1002 > &...