search for: shadowlastchang

Hello, We have an otherwise working Samba PDC+LDAP setup but for one minor detail. The shadowLastChange is not updated when the user sets his password from a Windows workstation (all the necessary Samba*-fields as well as userPassword is updated in LDAP). We've enabled 'ldap passwd sync = Yes' in smb.conf. slapd.conf contains the appropriate access rule for the said field. The 'pa...

...change. With the following settings in smb.conf: ldap passwd sync = Yes passwd program = /usr/sbin/smbldap-passwd %u passwd chat = New password:%n\nRetype new password:%n\n unix password sync = no ... 1. When I change passwords from Windows, everything is fine except the shadowLastChange field is never updated when shadowMax is nonzero. So the password age feature is not functioning as expected. 2. Later I found shadowLastChange could be updated by smbldap-passwd, so I changed 'unix password sync' from no to yes. In this case, change_oem_password() will return N...

Hello I have a samba 3 working as a PDC with Ldap as a authentication backend. I have a such problem, when user in windows try to change password to samba by ctr+alt+delete, password is changing (password is also sync and it works fine ), but the ldap attribute shadowLastChange doesnt change. What is wrong? thanks in advance tim

Hi, i have configured a Samba PDC based on idealx.org. now, whenever i set the sambaMustChangePassword flag to 0, then from the subsequent logon, there is a popup urge me for changing password. now, the problem is after i have changed the password, the sambaMustChangePassword is set to 2147483647(unix timestamp), which if i converted it into human readable format, it will be 2038 year,

.../smbldap-passwd line 285, <STDIN> line 2. In 5.0 it works without errors. I hope you can help me Tanks, Sebastian Here is the part of the file ////////////////////////////////////////////////////////////////////// # Update 'userPassword' field if ( $update_unix_passwd ) { my $shadowLastChange=int(time()/86400); my $modify; if ($< != 0) { $modify = $ldap_master->modify ( "$dn", changes => [ replace => [userPassword => "$hash_password"],...

...My problem: when a user changes his password from a windows-client (xp) he get an error like "The User name or old password is incorrect. Letters in passwords must be typed using the correct case." The strange is that the server *did* change both Linux and Windows passwords and the shadowLastChange and sambaPwdLastSet attributes also. So all is ok anly i get this "stupid" message. In the samba-logs i see this: [2007/06/18 08:59:08, 0] libsmb/smbencrypt.c:decode_pw_buffer(520) decode_pw_buffer: incorrect password length (-1582166334). [2007/06/18 08:59:08, 0] libsmb/smbencrypt...

Hello, how can I change the user-passwords correctly in my OpenLDAP during Windows-password-change? My problem: The script does only change "userPassword", but not the field "shadowLastChange", so my unix-passwords expired. unix password sync = yes passwd program = /etc/samba/scripts/ldap_userPassword_change %u passwd chat = *New*password* %n\n *new*password* %n\n *Success* #/etc/samba/scripts/ldap_userPassword_change ldappasswd -x -h server-D 'uid=userPassChange,ou=adminis...

I am trying to set up LDAP authentication for CentOS workstations, but can't get it to authenticate properly. Authentication fails saying the account has expired when I know for certain that it has not (e.g. ldapsearch authenticated with the appropriate uid and password returns shadowLastChange 14816 and shadowMax 99999). The last time I did this seriously for authentication was using Apple iMacs authentication against a SuSE Linux machine so it's entirely possible I'm not doing the right thing today. Most of the sites where we're using ldap and nss are not authentication,...

...uid='some numeric' instead of uid=username like that; dn: uid=102220,ou=User,dc=example,dc=com uid: 102220 username: test1 cn: Test Account objectClass: inetOrgPerson objectClass: posixAccount objectClass: top objectClass: shadowAccount objectClass: sambaSamAccount mail: test1 at cdac.in shadowLastChange: 15587 loginShell: /bin/bash uidNumber: 5345 gidNumber: 5345 homeDirectory: /home/test1 userPassword: {SSHA256}v7vlA8YYjJ27IbPQQa8eaChdHFcnw== sambaPwdLastSet: 1473165911 sambaLMPassword: 7e58f6a33f8b3ef68ef354180a3a1da7 sambaSID: S-1-5-21-4079184197-2446238136-3299756537-1008 sambaAcctFlags: [UX...

...eq index sambaPrimaryGroupSID eq index sambaDomainName eq index sambaGroupType eq index sambaSIDList eq index uniqueMember eq lastmod on checkpoint 512 30 access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword by dn="cn=admin,dc=workgroup" write by anonymous auth by self write by * none access to dn.base="" by * read access to * by dn="cn=admin,dc=workgroup" write by * read smbldap-usershow tommy dn: uid=tom...

...1}hdb objectClass: olcDatabaseConfig objectClass: olcHdbConfig olcDatabase: {1}hdb olcDbDirectory: /var/lib/ldap olcSuffix: dc=testdom olcAccess: {0}to attrs=sambaNTPassword,sambaPwdLastSet,sambaPwdMustChange by dn="cn=admin,dc=testdom" write by self write by * none olcAccess: {1}to attrs=shadowLastChange by self write by * read olcLastMod: TRUE smb.conf add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel '%u' add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/s...

dear All, I'm trying to set Shadow options in Ldap with the help of phpLDAPadmin. This is *what I know : * */Shadowmax : /maximum nr of days a pw can be valid * /ShadowLastchange : /contains the last change of the shadow file * Shadowwarning : nr of days before expiration to warn user. *What I'm trying *to do is have the users 's passwork expire, that works ok. But how can I have them get a warning message? setting Shadowwarning doesn't seem to be doing it....

...ectClass: top objectClass: posixAccount objectClass: shadowAccount objectClass: sambaAccount uid: rkhan uidNumber: 1040 gidNumber: 1000 givenName: R sn: Khan cn: R Khan homeDirectory: /home/employees/rkhan loginShell: /bin/false gecos: R Khan shadowMax: 900 shadowWarning: 7 shadowInactive: 2 ou: IT shadowLastChange: 12101 userPassword:: secret rid: 3236 smbHome: \\xo\homes AFTER (BAD): dn: uid=rkhan,ou=Employees,dc=wildpackets,dc=com objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: account objectClass: top objectClass: posixAccount objectClass: shadowAccount obje...

....conf I set up a fake root user this way in LDAP: dn: uid=root,ou=People,dc=virginiabeach,dc=net objectClass: top objectClass: account objectClass: posixAccount objectClass: shadowAccount objectClass: sambaAccount uidNumber: 0 gidNumber: 0 homeDirectory: /home/root loginShell: /bin/bash gecos: root shadowLastChange: 0 shadowMax: 0 shadowWarning: 0 userPassword: {SSHA}GN3hrCs7c8Kgd93df23838hHH uid: root pwdLastSet: 1057974221 logonTime: 0 logoffTime: 2147483647 kickoffTime: 2147483647 pwdCanChange: 2147483647 pwdMustChange: 2147483647 displayName: root cn: root smbHome: \\MY_PDC\homes homeDrive: Z: scriptPath...

Hello, there are a some fields in my LDAP-Tree, I do not understand. What can I do with this fields? # sambaKickoffTime # sambaLogoffTime # sambaLogonTime # sambaMungedDial Is there any endeavor by the maintaner to use the following fields? # shadowExpire # shadowLastChange # shadowMax # shadowWarning by, matze

...ab with mixed Win2k and RH9 computers running Samba 3 and OpenLdap. Right now we're having a problem with password expiration. Samba is working just fine and when a user changes their password, the date changes as well. But for Linux, however the password is being changed is not updating the shadowLastChange parameter. So even though the users are successfully changing their passwords (though Windows), the Linux boxes are denying access due to that parameter not being set. So after saying all that, I am trying to get a handle on what "ldap passwd sync" enables so that I can figure out if t...

.... I have these messages in my slapd logs: conn=14143 op=2 SRCH base="ou=XXX" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=domain\5Cuser))" conn=14143 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass shadowLastChange shadowMax shadowExpire conn=14143 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text= always repeating exactly 3 times and then conn=14143 op=5 SRCH base="ou=XXX" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=user))" conn=14143 op=5 SRCH attr=uid userPassword u...

...account (ou=User) (below is sample ldif) dn: uid=2011150,ou=User,dc=acer,dc=in empID: 2011150 username: test1 cn: test1 centre: PN objectClass: inetOrgPerson objectClass: posixAccount objectClass: top objectClass: shadowAccount oldempid: 1150 mail: test1 at acer.in givenName: test1 uid: 2011150 shadowLastChange: 15590 loginShell: /bin/bash uidNumber: 11150 gidNumber: 11150 homeDirectory: /mbox4.2/test1 userPassword: {SHA}1SrgdEGUPa/U6KM43Kq9xTgnI7A= and another for samba tree (ou=samba) - (below is sample tree) dn: uid=test1,ou=samba,dc=acer,dc=in uid: test1 sambaSID: S-1-5-21-4079184197-2446238136-32...

...w when I try and login as normal user, which i have enabled with "smbldap-usermod -a yogesh" smbldap-usershow yogesh dn: uid=yogesh,ou=People,dc=biomax,dc=de uid: yogesh cn: yogesh objectClass: account,posixAccount,top,shadowAccount,sambaSamAccount userPassword: {MD5}.SOMELONGHASH .... shadowLastChange: 12900 shadowMax: 10000 loginShell: /bin/bash uidNumber: 668 gidNumber: 100 homeDirectory: /sk-home/yogesh sambaPwdLastSet: 0 sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaPwdMustChange: 2147483647 displayName: System User sambaSID: S-1-5-21-4...

...ISO8859-15" LC_NUMERIC="fr_FR.ISO8859-15" LC_MONETARY="fr_FR.ISO8859-15" LC_MESSAGES="fr_FR.ISO8859-15" LC_ALL= # smbpasswd testuser (#password here is "mdp") New SMB password: Retype new SMB password: # smbldap-usershow testuser dn: (...) (...) shadowLastChange: 14130 userPassword: {CRYPT}$1$lehDK9Nt$cIXRIoy4LWQJSXtzCmwyB1 sambaPwdLastSet: 1220843814 sambaLMPassword: 468f587067043edcaad3b435b51404ee sambaNTPassword: 97c438f12af3ffc2f22bedc986962e6b # openssl passwd -1 -salt 'lehDK9Nt' Password: (input "mdp" as password) $1$lehDK9Nt...