search for: sambarefusemachinepwdchang

Hi, we have a couple of Linux RHEL 5 samba servers in a domain, one as PDC and the other as BDC, and both with LDAP backends samba version is 3.0.28-1 We want pc clients can't change their machine password using sambaRefuseMachinePwdChange policy, so we set it to 1 in LDAP But pc clients still can change their passwords, and we don't see any acces to sambaRefuseMachinePwdChange attribute on LDAP logs. Is it not used in this version yet? Must we do something special to use it? Thanks in advance. Frank

Hello everyone, I have a Samba 3.4.7 + OpenLDAP working as PDC. Since this morning, some computers, mainly the ones with Windows 7, are getting trust relationship problems and I cannot find the source of the problem. All my windows boxes do automatic updates, and there was a pack of 9 or 10 updates yesterday, but i don't know if this have some relation with the problem. I don't know

...oing some research, i managed to solve this by adding the following LDAP attributes to the access rules in slapd.conf: sambaMinPwdLength sambaPwdHistoryLength sambaLogonToChgPwd sambaMaxPwdAge sambaMinPwdAge sambaLockoutDuration sambaLockoutObservationWindow sambaLockoutThreshold sambaForceLogoff sambaRefuseMachinePwdChange But one problem still exists: If Windows-users change their password via the normal Windows dialog, the password got changed in LDAP , also the sambaLastChange attribute got updated , BUT sambaPwdCanChange and sambaPwdMustChange attributes didn't update and so all the Maximum Password Age...

...Rid: 1000// // sambaMinPwdLength: 5// // sambaPwdHistoryLength: 0// // sambaLogonToChgPwd: 0// // sambaMaxPwdAge: -1// // sambaMinPwdAge: 0// // sambaLockoutDuration: 30// // sambaLockoutObservationWindow: 30// // sambaLockoutThreshold: 0// // sambaForceLogoff: -1// // sambaRefuseMachinePwdChange: 0/ # samba's attributes (objectclass) / sambaSamAccountsambaconfig, sambagroupmapping, sambaidmapentry, etc ../ # openldap directory tree * dc=my_domain, dc=com o ou=Groups + groupe a (user1, user2, etc ..) + groupe b (user3, user4, etc ..) + gro...

...sambaDomain objectClass: sambaUnixIdPool sambaDomainName: EVAN sambaSID: S-1-5-21-1042031166-387543594-2118856591 sambaMinPwdAge: 0 sambaMaxPwdAge: -1 sambaLockoutThreshold: 0 sambaMinPwdLength: 5 sambaLogonToChgPwd: 0 sambaForceLogoff: -1 sambaLockoutDuration: 30 sambaLockoutObservationWindow: 30 sambaRefuseMachinePwdChange: 0 sambaPwdHistoryLength: 0 gidNumber: 3616 sambaNextRid: 1183 uidNumber: 12704 Thank you! Best, Alex

...idBase: 1000 objectClass: sambaDomain objectClass: sambaUnixIdPool sambaNextUserRid: 1000 sambaMinPwdLength: 5 sambaPwdHistoryLength: 0 sambaLogonToChgPwd: 0 sambaMaxPwdAge: -1 sambaMinPwdAge: 0 sambaLockoutDuration: 30 sambaLockoutObservationWindow: 30 sambaLockoutThreshold: 0 sambaForceLogoff: -1 sambaRefuseMachinePwdChange: 0 sambaNextRid: 1001 uidNumber: 10000 gidNumber: 10000 When I tried to add a Windows 7 machine to the domain I get " Unknown user or wrong password". I was using the "sadmin" login who is in the "sudo". I dumped the user's details into a ldif file and imported i...

...aUnixIdPool > sambaNextUserRid: 1000 > sambaMinPwdLength: 5 > sambaPwdHistoryLength: 0 > sambaLogonToChgPwd: 0 > sambaMaxPwdAge: -1 > sambaMinPwdAge: 0 > sambaLockoutDuration: 30 > sambaLockoutObservationWindow: 30 > sambaLockoutThreshold: 0 > sambaForceLogoff: -1 > sambaRefuseMachinePwdChange: 0 > sambaNextRid: 1001 > uidNumber: 10000 > gidNumber: 10000 Fine. Are the names mydomain your real and wished names, or are they coming from samdb migration? > > When I tried to add a Windows 7 machine to the domain I get " Unknown > user or wrong password". I was...

...-3143254707 sambaAlgorithmicRidBase: 1000 objectClass: sambaDomain sambaNextUserRid: 1000 sambaMinPwdLength: 5 sambaPwdHistoryLength: 0 sambaLogonToChgPwd: 0 sambaMaxPwdAge: -1 sambaMinPwdAge: 0 sambaLockoutDuration: 30 sambaLockoutObservationWindow: 30 sambaLockoutThreshold: 0 sambaForceLogoff: -1 sambaRefuseMachinePwdChange: 0 structuralObjectClass: sambaDomain entryUUID: 6470ac16-262b-1030-84d9-1370b5f1fe61 creatorsName: cn=admin,dc=server,dc=nas createTimestamp: 20110608145736Z entryCSN: 20110608145736Z#000007#00#000000 modifiersName: cn=admin,dc=server,dc=nas modifyTimestamp: 20110608145736Z dn: cn=users,ou=Group...

Yes please for the notes. I re-ran the tests without the smbldap-tools. I installed phpldapadmin and am able to login to the apache page using the cn=admin, dn=mydomain and create entries. This kind of tells me that LDAP is working Then I run the pdbedit -Lv and it lists all the users. The following happens when I add the LDAP bits to smb.conf and restart samba.The issue seems to be with samba

After moving from Redhat AS4 to RHEL 5.5 we started noticing these error messages in the messages log. Upgrade procedure was to build new machine with updated OS, install new samba, duplicate existing ldap server connections, and then shutdown the old box and put new one in place. Messages were not seen on AS4 box and smb.conf file is identical on new box. I am wondering if there was a change

...Unit dn: sambaDomainName=DOMINIO,ou=Dominios,dc=dominio,dc=com,dc=br objectClass: sambaDomain sambaAlgorithmicRidBase: 1000 sambaSID: S-1-5-21-874179082-3571801642-3889913597 sambaDomainName: DOMINIO sambaMinPwdLength: 4 sambaLogonToChgPwd: 2 sambaForceLogoff: 0 sambaRefuseMachinePwdChange: 1 structuralObjectClass: sambaDomain Deleting the former (the one that was not inside the 'ou=Dominios') solved the problem. Now, the 'net getlocalsid' gives me the SID for my domain correctly. I don't know if this have any relation with my new problem, but i created a...

...Script sambaLogonTime sambaLogonToChgPwd sambaMaxPwdAge sambaMinPwdAge sambaMinPwdLength sambaNextRid sambaNextUserRid sambaNTPassword sambaPasswordHistory sambaPreviousClearTextPassword sambaPrimaryGroupSID sambaProfilePath sambaPwdCanChange sambaPwdHistoryLength sambaPwdLastSet sambaPwdMustChange sambaRefuseMachinePwdChange sambaSID shadowExpire shadowInactive shadowLastChange shadowMax shadowMin shadowWarning sn st street telephoneNumber title uid uidNumber userPassword

...ctClass: organizationalUnit objectClass: sambaUnixIdPool ou: idmap gidNumber: 10016 uidNumber: 10004 dn: sambaDomainName=C1.VE,dc=c1,c=ve,dc=xxxx sambaDomainName: C1.VE sambaSID: S-1-5-21-1230964018-1252349843-1944742870 sambaAlgorithmicRidBase: 1000 objectClass: sambaDomain sambaNextUserRid: 1000 sambaRefuseMachinePwdChange: 0 sambaNextRid: 1002 sambaLockoutDuration: -1 sambaLockoutObservationWindow: 30 sambaLockoutThreshold: 3 sambaMinPwdLength: 5 sambaPwdHistoryLength: 5 sambaLogonToChgPwd: 0 sambaMaxPwdAge: 7776000 sambaMinPwdAge: 0 sambaForceLogoff: -1 dn: cn=domusers,ou=group,dc=c1,c=ve,dc=xxxx objectClass: pos...

...e.com dn: sambaDomainName=LDNSPL,dc=example,dc=com objectClass: top objectClass: sambaDomain objectClass: sambaUnixIdPool sambaDomainName: LDNSPL sambaSID: S-1-5-21-1979685110-1467996072-351907979 gidNumber: 1000 sambaPwdHistoryLength: 0 sambaMaxPwdAge: -1 sambaMinPwdAge: 0 sambaLockoutThreshold: 0 sambaRefuseMachinePwdChange: 0 sambaMinPwdLength: 5 sambaLogonToChgPwd: 0 sambaNextRid: 1001 sambaForceLogoff: -1 uidNumber: 1116 The same query with cn=djohn returns nothing: ... # filter: cn=djohn # requesting: ALL # # search result search: 2 result: 0 Success So some parts of my configuration look to be working but...

There was an earlier thread about failing trust relationships between Windows 7 and Samba. Since we occasionally experience the same problem with Win 7 clients against a Samba 3.5.4 server, I investigated this a bit further. I think it happens when - the time to change the machine password has arrived - the Win 7 machine is up, but no one is logged on (login box is shown on the screen). To

...67-41686038 sambaAlgorithmicRidBase: 1000 objectClass: sambaDomain sambaNextUserRid: 1000 sambaMinPwdLength: 5 sambaPwdHistoryLength: 0 sambaLogonToChgPwd: 0 sambaMaxPwdAge: -1 sambaMinPwdAge: 0 sambaLockoutDuration: 30 sambaLockoutObservationWindow: 30 sambaLockoutThreshold: 0 sambaForceLogoff: -1 sambaRefuseMachinePwdChange: 0 # search result search: 3 result: 0 Success # numResponses: 3 # numEntries: 2 Now the member server's smb.conf [global] workgroup = SUNTECH netbios name = SERVER02 security = user local master = no domain master = no preferred master = no domain logons = no passdb back...

...>> sambaMinPwdLength: 5 >> sambaPwdHistoryLength: 0 >> sambaLogonToChgPwd: 0 >> sambaMaxPwdAge: -1 >> sambaMinPwdAge: 0 >> sambaLockoutDuration: 30 >> sambaLockoutObservationWindow: 30 >> sambaLockoutThreshold: 0 >> sambaForceLogoff: -1 >> sambaRefuseMachinePwdChange: 0 >> sambaNextRid: 1002 >> >> >> >> >> ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config >> 'olcAttributeTypes=*' dn >> SASL/EXTERNAL authentication started >> SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=ext...

...e later on > sambaNextUserRid: 1000 > sambaMinPwdLength: 5 > sambaPwdHistoryLength: 0 > sambaLogonToChgPwd: 0 > sambaMaxPwdAge: -1 > sambaMinPwdAge: 0 > sambaLockoutDuration: 30 > sambaLockoutObservationWindow: 30 > sambaLockoutThreshold: 0 > sambaForceLogoff: -1 > sambaRefuseMachinePwdChange: 0 > sambaNextRid: 1002 > > > > > ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config > 'olcAttributeTypes=*' dn > SASL/EXTERNAL authentication started > SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth > SASL SSF: 0 >...

...Pool sambaPwdHistoryLength: 0 sambaNextGroupRid: 67109863 uidNumber: 1005 sambaLogonToChgPwd: 0 sambaLockoutDuration: 30 sambaMaxPwdAge: -1 sambaForceLogoff: -1 sambaLockoutThreshold: 0 gidNumber: 1000 sambaSID: S-1-5-21-317703500-4181503002-770181164 sambaNextUserRid: 67109862 sambaMinPwdLength: 5 sambaRefuseMachinePwdChange: 0 sambaAlgorithmicRidBase: 1000 sambaLockoutObservationWindow: 30 ---------------- SMB.CONF ----------------------------------- [global] workgroup = BLAHDEV netbios name = BLAHDEV-PDC security = user server string = Samba Server log level = 2 syslog = 0 log file = /var/log...

Hi, we are using SAMBA 3.6.1-1 (updating this archlinux machine is tooo ugly) and 3.6.6-1 on archlinux with the LDAP (Server version is 2.4.26-3) backend and manage the users, groups and computer by using the smbldap-tools. Currently we are experiencing the following problems: 1. changing the passwords takes longer than 30 seconds <- That's bad because we are using a gigabit ethernet