search for: shadowexpir

Hi, I am trying to configure Dovecot (2.2.27) with LDAP passdb, specifically with authentication binds (https://wiki.dovecot.org/AuthDatabase/LDAP/AuthBinds). Atribute shadowExpire has a unix time stamp value. Is there a way to write pass_filter like shadowExpire<ToDay? Or maybe there is better way to implement password expiration in Dovecot? -- Pagarbiai Mantas Gegu?is VU Informacini? technologij? taikymo centras

...users,dc=mydomain,dc=ru" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=winhost$))" Aug 7 16:35:12 main slapd[28229]: conn=19118 op=3 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass sh adowLastChange shadowMax shadowExpire Aug 7 16:35:12 main slapd[28229]: conn=19118 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text= Aug 7 16:35:12 main slapd[28229]: conn=19118 op=4 SRCH base="ou=users,dc=mydomain,dc=ru" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=winhost$))" Aug 7 16:35:12...

hi all, I'm using postfix, LDAP, dovecot and horde for webmail. user and password information is stored in LDAP. I'm attempting to get password aging working properly and am not having much luck. even if password has expired user can login, can i tell dovecot to control the LDAP field shadowexpired? or is there some other way to check properly that the password is expired before allowing the user log in? thank's /roby

...last change of the shadow file * Shadowwarning : nr of days before expiration to warn user. *What I'm trying *to do is have the users 's passwork expire, that works ok. But how can I have them get a warning message? setting Shadowwarning doesn't seem to be doing it. Do I have to set Shadowexpire as well for this? *Also, *how can I have users change the password at first logon? * *I cannot configure the LDAP files themselves, I only have access via phpLDAPadmin. Thanks for any advise. greetings, James -- Johan Vermeulen IT-medewerker Caw De Kempen johan.vermeulen at cawdekempen.be 04...

Hello, there are a some fields in my LDAP-Tree, I do not understand. What can I do with this fields? # sambaKickoffTime # sambaLogoffTime # sambaLogonTime # sambaMungedDial Is there any endeavor by the maintaner to use the following fields? # shadowExpire # shadowLastChange # shadowMax # shadowWarning by, matze

...my slapd logs: conn=14143 op=2 SRCH base="ou=XXX" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=domain\5Cuser))" conn=14143 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass shadowLastChange shadowMax shadowExpire conn=14143 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text= always repeating exactly 3 times and then conn=14143 op=5 SRCH base="ou=XXX" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=user))" conn=14143 op=5 SRCH attr=uid userPassword uidNumber gidNumber cn h...

...mbaSamAccount cn: hein uid: hein gidNumber: 106 homeDirectory: /home/lehrer/hein uidNumber: 1508 gecos: Alfred Hein, Lehrer, IST loginShell: /bin/bash shadowMin: 0 shadowMax: 99999 sambaProfilePath: \\wilma2\profile displayName: Alfred Hein, Lehrer, IST sambaHomeDrive: H: givenName: Alfred sn: Hein shadowExpire: 21915 sambaPwdCanChange: 1041375601 sambaPwdMustChange: 1799967609 sambaAcctFlags: [UX ] sambaDomainName: WMS-NET sambaPrimaryGroupSID: S-1-5-21-3371203057-3264423045-2392767973-1213 sambaSID: S-1-5-21-3371203057-3264423045-2392767973-4016 dn: uid=holger,ou=sonder,ou=people,dc=wms-hn,dc=...

...Pwd sambaMaxPwdAge sambaMinPwdAge sambaMinPwdLength sambaNextRid sambaNextUserRid sambaNTPassword sambaPasswordHistory sambaPreviousClearTextPassword sambaPrimaryGroupSID sambaProfilePath sambaPwdCanChange sambaPwdHistoryLength sambaPwdLastSet sambaPwdMustChange sambaRefuseMachinePwdChange sambaSID shadowExpire shadowInactive shadowLastChange shadowMax shadowMin shadowWarning sn st street telephoneNumber title uid uidNumber userPassword

...er, was user "anger": dn: uid=anger,ou=People,dc=nspuh,dc=cz objectClass: shadowAccount objectClass: person objectClass: inetOrgPerson objectClass: OXUserObject objectClass: posixAccount objectClass: top objectClass: sambaSamAccount uid: anger shadowMin: 0 shadowMax: 9999 shadowWarning: 7 shadowExpire: 0 cn: anger preferredLanguage: EN userCountry: Czech Republic mailEnabled: OK lnetMailAccess: TRUE OXAppointmentDays: 5 OXGroupID: 500 OXTaskDays: 5 OXTimeZone:: RXVyb3BlL3ByYWd1ZSA= loginShell: /usr/bin/ksh uidNumber: 270 gidNumber: 20 homeDirectory: /home/anger sambaSID: S-1-5-21-......-1540 em...

..."anger": dn: uid=anger,ou=People,dc=nspuh,dc=cz objectClass: shadowAccount objectClass: person objectClass: inetOrgPerson objectClass: OXUserObject objectClass: posixAccount objectClass: top objectClass: sambaSamAccount uid: anger shadowMin: 0 shadowMax: 9999 shadowWarning: 7 shadowExpire: 0 cn: anger preferredLanguage: EN userCountry: Czech Republic mailEnabled: OK lnetMailAccess: TRUE OXAppointmentDays: 5 OXGroupID: 500 OXTaskDays: 5 OXTimeZone:: RXVyb3BlL3ByYWd1ZSA= loginShell: /usr/bin/ksh uidNumber: 270 gidNumber: 20 homeDirectory: /home/anger sambaSID: S-1-5-21-...

...Number: 1177 sambaSID: S-1-5-21-2925918746-2661067204-1764633667-2002 sambaLMPassword: ED84DDFFD9A97C2ECA922D8A7EE0CA0B sambaAcctFlags: [U] sambaNTPassword: 079073B583031A7AAE5D5C2D049FC05A userPassword:: e1NTSEF9TEl6QXB1TEpkNDZ6N1hxWFFiNFhTWUtxbXZKcmMwOTU= shadowLastChange: 17038 shadowWarning: 4 shadowExpire: 17449 shadowMax: 99999 sambaKickoffTime: 1507597200 sambaPwdLastSet: 1476091342 sambaPwdMustChange: 2147483647 shadowMin: 99999 now, one server (4.2.10) fails, smbclient locally: SPNEGO login failed: Logon failure session setup failed: NT_STATUS_LOGON_FAILURE pdbedit -v ... Primary group S-1...

...spuh,dc=cz > objectClass: shadowAccount > objectClass: person > objectClass: inetOrgPerson > objectClass: OXUserObject > objectClass: posixAccount > objectClass: top > objectClass: sambaSamAccount > uid: anger > shadowMin: 0 > shadowMax: 9999 > shadowWarning: 7 > shadowExpire: 0 > cn: anger > preferredLanguage: EN > userCountry: Czech Republic > mailEnabled: OK > lnetMailAccess: TRUE > OXAppointmentDays: 5 > OXGroupID: 500 > OXTaskDays: 5 > OXTimeZone:: RXVyb3BlL3ByYWd1ZSA= > loginShell: /usr/bin/ksh > uidNumber: 270 > gidNumber: 20...

Is there any way to make user account expired similar to shadowExpire attribute in nis.schema? --beast

Hello, To harden security, I've modified the smbldap-passwd script so that it update sambaPwdMustChange, sambaKickoffTime and shadowExpire fields; also, a simple script notifying users with expiration date approaching has been set up. I have also added a call to cracklib to check password strength prior to applying it. It all works well, but the task it to force users to use unique password every time they have to change it. A typic...

...ordHistory: $0000000000000000000000000000000000000000000000000000000000000000 $sambaPrimaryGroupSID: S-1-5-21-3465419679-3835903379-2357785547-5001 $sambaPwdCanChange: 1122032494 $sambaPwdLastSet: 1122032494 $sambaPwdMustChange: 2147483647 $sambaSID: S-1-5-21-3465419679-3835903379-2357785547-5040 $shadowExpire: -1 $shadowFlag: 134538308 $shadowInactive: -1 $shadowLastChange: 11192 $shadowMax: 99999 $shadowMin: -1 $shadowWarning: 7 $sn: XXX $uid: userx $uidNumber: 2020 $userPassword:: XXX I have Samba 3.0.14a-3 on Debian Linux Sarge with kernel 2.6.8-2-386. LDAP server is IBM Directory Server 5.2 with...

...ntOS client machine, and don't find anything that helps me figure out is causing it to think the account has expired. The LDAP attributes that I think are relevant on a test account are below. I don't see anything here that looks hinky, but then I am fairly ignorant on PAM authentication. shadowExpire 0 shadowFlag 0 shadowInactive 0 shadowLastChange 14816 shadowMax 99999 shadowMin 0 shadowWarning 7 Bill -- INTERNET: bill at celestial.com Bill Campbell; Celestial Software LLC URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way Voice: (206) 236-1676 Mercer Island, WA 980...

...ordHistory: $0000000000000000000000000000000000000000000000000000000000000000 $sambaPrimaryGroupSID: S-1-5-21-3465419679-3835903379-2357785547-5001 $sambaPwdCanChange: 1122032494 $sambaPwdLastSet: 1122032494 $sambaPwdMustChange: 2147483647 $sambaSID: S-1-5-21-3465419679-3835903379-2357785547-5040 $shadowExpire: -1 $shadowFlag: 134538308 $shadowInactive: -1 $shadowLastChange: 11192 $shadowMax: 99999 $shadowMin: -1 $shadowWarning: 7 $sn: XXX $uid: userx $uidNumber: 2020 $userPassword:: XXX I have Samba 3.0.14a-3 on Debian Linux Sarge with kernel 2.6.8-2-386. LDAP server is IBM Directory Server 5.2 with...

...spuh,dc=cz > objectClass: shadowAccount > objectClass: person > objectClass: inetOrgPerson > objectClass: OXUserObject > objectClass: posixAccount > objectClass: top > objectClass: sambaSamAccount > uid: anger > shadowMin: 0 > shadowMax: 9999 > shadowWarning: 7 > shadowExpire: 0 > cn: anger > preferredLanguage: EN > userCountry: Czech Republic > mailEnabled: OK > lnetMailAccess: TRUE > OXAppointmentDays: 5 > OXGroupID: 500 > OXTaskDays: 5 > OXTimeZone:: RXVyb3BlL3ByYWd1ZSA= > loginShell: /usr/bin/ksh > uidNumber: 270 > gidNumber: 20...

...rg write by self write by anonymous auth by * none access to attr=shadowLastChange by dn=uid=Administrator,ou=users,dc=myorg,dc=org write by self write by anonymous auth by * none access to attr=shadowMin,shadowMax,shadowWarning,shadowInactive,shadowExpire by dn=uid=Administrator,ou=users,dc=myorg,dc=org write by self read by anonymous auth by * none access to attr=loginShell,gecos by dn=uid=Administrator,ou=users,dc=myorg,dc=org write by self write by * read access to * by dn=uid=Admin...

Hallo, I'm asking myself, which LDAP attributes are mandatory which optional for user and workstation accounts. After using the smbldap-populate command there where different attributes set than for adding users with the smbldap-useradd command. --- snip --- sambaAcctFlags: sambaHomeDrive: sambaHomePath: sambaKickoffTime: sambaLMPassword: sambaLogoffTime: sambaLogonScript: sambaLogonTime: