search for: shadowlastchange

Displaying 20 results from an estimated 43 matches for "shadowlastchange".

2008 Sep 09
1
shadowLastChange problem with Samba+OpenLDAP
...With the following settings in smb.conf: ldap passwd sync = Yes passwd program = /usr/sbin/smbldap-passwd %u passwd chat = New password:%n\nRetype new password:%n\n unix password sync = no ... 1. When I change passwords from Windows, everything is fine except the shadowLastChange field is never updated when shadowMax is nonzero. So the password age feature is not functioning as expected. 2. Later I found shadowLastChange could be updated by smbldap-passwd, so I changed 'unix password sync' from no to yes. In this case, change_oem_password() will return NT...
2007 Sep 11
3
samba doesnt change shadowLastChange
Hello I have a samba 3 working as a PDC with Ldap as a authentication backend. I have a such problem, when user in windows try to change password to samba by ctr+alt+delete, password is changing (password is also sync and it works fine ), but the ldap attribute shadowLastChange doesnt change. What is wrong? thanks in advance tim
2007 Dec 07
1
CentOP 5.1 Problem with smbldap-passwd
...47;//////////////////////////////////////////// # Update 'userPassword' field if ( $update_unix_passwd ) { my $shadowLastChange=int(time()/86400); my $modify; if ($< != 0) { $modify = $ldap_master->modify ( "$dn", changes => [ replace => [userPassword => "$hash_password"]...
2005 Apr 04
1
Unix-password-sync in LDAP?
Hello, how can I change the user-passwords correctly in my OpenLDAP during Windows-password-change? My problem: The script does only change "userPassword", but not the field "shadowLastChange", so my unix-passwords expired. unix password sync = yes passwd program = /etc/samba/scripts/ldap_userPassword_change %u passwd chat = *New*password* %n\n *new*password* %n\n *Success* #/etc/samba/scripts/ldap_userPassword_change ldappasswd -x -h server-D ...
2010 Jul 26
1
OpenLDAP authentication, account expired when it's not.
I am trying to set up LDAP authentication for CentOS workstations, but can't get it to authenticate properly. Authentication fails saying the account has expired when I know for certain that it has not (e.g. ldapsearch authenticated with the appropriate uid and password returns shadowLastChange 14816 and shadowMax 99999). The last time I did this seriously for authentication was using Apple iMacs authentication against a SuSE Linux machine so it's entirely possible I'm not doing the right thing today. Most of the sites where we're using ldap and nss are not authentication, b...
2011 Aug 11
1
LDAP - Shadow options
dear All, I'm trying to set Shadow options in Ldap with the help of phpLDAPadmin. This is *what I know : * */Shadowmax : /maximum nr of days a pw can be valid * /ShadowLastchange : /contains the last change of the shadow file * Shadowwarning : nr of days before expiration to warn user. *What I'm trying *to do is have the users 's passwork expire, that works ok. But how can I have them get a warning message? setting Shadowwarning doesn't seem to be doing it...
2009 Dec 30
2
Users from trusted domains get "Your Password expires today" in 3.4.3
Hello everyone! We've got a Samba domain that trusts another Samba domain and a Windows Server 2008 domain. We recently upgraded both Samba DCs from 3.0.x to 3.4.3 After that, whenever a user logs on a workstation in the trusting domain with an account from one of the trusted domains, he gets this message: Your Password expires today. Do you want to change it? Of course, the password
2008 Sep 08
0
wrong userPassword hash generated by smbpasswd (pam_password=exop and smbk5pwd ) on a samba+ldap PDC running on FreeBSD
...ISO8859-15" LC_NUMERIC="fr_FR.ISO8859-15" LC_MONETARY="fr_FR.ISO8859-15" LC_MESSAGES="fr_FR.ISO8859-15" LC_ALL= # smbpasswd testuser (#password here is "mdp") New SMB password: Retype new SMB password: # smbldap-usershow testuser dn: (...) (...) shadowLastChange: 14130 userPassword: {CRYPT}$1$lehDK9Nt$cIXRIoy4LWQJSXtzCmwyB1 sambaPwdLastSet: 1220843814 sambaLMPassword: 468f587067043edcaad3b435b51404ee sambaNTPassword: 97c438f12af3ffc2f22bedc986962e6b # openssl passwd -1 -salt 'lehDK9Nt' Password: (input "mdp" as password) $1$lehDK9Nt$...
2008 Feb 22
2
Adding a machine account to Samba PCD + LDAP?
How does one go about adding a machine account, or even a normal samba account, on a Samba PDC with LDAP back end? I wanted to avoid using something like smbldap-useradd, because I want to actually understand what's going on. I'm assuming it's just some sort of small ldif to add, like I would for adding user, am I wrong? Thanks, Kyle
2009 Nov 29
0
password expiration
...eq index sambaPrimaryGroupSID eq index sambaDomainName eq index sambaGroupType eq index sambaSIDList eq index uniqueMember eq lastmod on checkpoint 512 30 access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword by dn="cn=admin,dc=workgroup" write by anonymous auth by self write by * none access to dn.base="" by * read access to * by dn="cn=admin,dc=workgroup" write by * read smbldap-usershow tommy dn: uid=tommy,ou=U...
2007 Sep 26
2
smbldap-useradd problem
Dear list, Arghl! (I'm sure you know the feeling). I'm still hooked on Samba by example, and trying to add users to my ldap tree. $ smbldap-useradd -m -a ldaptest2 Can't call method "get_value" on an undefined value at /usr/sbin/smbldap-useradd line 197 The documentation of the smbldap scripts mentions this sort of error (albeit with a different line number).
2009 Apr 30
2
PDC: Linux Client can't join the domain.
Hi there. I've a problem with using samba as Primary Domain Controller with backend ldap. Version release (Samba 3.2.5, OpenLDAP 2.4.11) on Debian Lenny. When I try to join the domain with a Windows XP Pro Client, all works fine...profiles updating, logon, ecc..but when I try to join the domain with a Linux Client (Slackware 12.1) I get different errors: client:~# net rpc join -U
2011 Oct 13
3
Samba, OpenLDAP and Passwords
Hi, I have an existing OpenLDAP directory, that I want to use as the backend for a Samba 3 instance. I do not want for now making Samba a Domain Controller, but only define in it some shares accessible by users on LDAP. I have imported in my slapd.conf the samba schema, and I have inserted in my smb.conf all the directives for connecting to an LDAP server: passdb backend =
2005 Jul 14
0
[Fwd: Re: Dovecot and ActiveDirectory]
...base dc=xxxxx,dc=ad,dc=rdg,dc=ac,dc=uk binddn cn=xxxuser,cn=users,dc=xxxxx,dc=ad,dc=rdg,dc=ac,dc=uk bindpw xxxpasswd nss_map_objectclass posixAccount user nss_map_objectclass shadowAccount user nss_map_attribute uid sAMAccountName nss_map_attribute homeDirectory unixHomeDirectory nss_map_attribute shadowLastChange pwdLastSet nss_map_objectclass posixGroup group nss_map_attribute uniqueMember member pam_login_attribute sAMAccountName pam_filter objectclass=User pam_password ad xxxuser is a read-only account in the AD. /etc/pam.conf: ... dovecot auth required /opt/RDGpldap&...
2008 Oct 31
1
LDAP and expired passwords
CentOS 5.2 with OpenLDAP 2.3.27, nss_ldap_253.13, using TLS, i686 and x86_64. If a user with an expired password (shadowLastChange + shadowMax < current day) logs in to a system where ldap.conf points first to a consumer-only LDAP server, the password change operation (exop) proceeds and fails with: LDAP password information update failed: Referral If I comment out "ssl start_tls", the referral to the master...
2007 Oct 26
0
acl for samba hosts
Hi list, i got an question about the right acls for my Samba+ldap can someone have an look. acl.conf access to dn.base="" by * read access to dn.base="cn=subSchema" by * read access to attrs=userPassword,userPKCS12 by self write by * auth access to attrs=shadowLastChange by self write by * read access to dn.subtree="ou=adressbuch,dc=test,dc=intern" by users write by * read access to dn.subtree="ou=users,dc=test,dc=intern" by self write by dn="uid=admin,ou=users,dc=test,dc=intern" by * read access to dn.subtree="ou=groups...
2008 Mar 21
0
problem loading ldif
...mawhite cn: Mary Alice White givenName: Mary Alice sn: White mail: mawhite@mdah.state.ms.us objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount objectClass: top objectClass: shadowAccount objectClass: hostObject userPassword:: xxxxxxxxxxxxxxxx shadowLastChange: 13923 shadowMax: 99999 shadowWarning: 7 loginShell: /bin/bash uidNumber: 651 homeDirectory: /home/mawhite gecos: Mary Alice White structuralObjectClass: inetOrgPerson creatorsName: cn=Manager,dc=mdah,dc=state,dc=ms,dc=us host: roark host: welty host: manship host: archives4 gidNumb...
2013 May 09
0
Using Windows­­­­ ACL on a samba3 share
...sing: > > [...] > access to dn.base="" > by * read > > access to dn.base="cn=Subschema" > by * read > > access to attrs=userPassword,userPKCS12 > by self write > by * auth > > access to attrs=shadowLastChange > by self write > by * read > > access to * > by * read > > [...] > You could start by disabling those lines and see if the problem disappears. If not, you should probably revise the entire configuration. The "Samba by Example&quot...
2005 Aug 19
0
password changing errors
...objectClass: shadowAccount objectClass: sambaSamAccount sambaSID: S-1-5-21-112718084-1284083569-2990761952-5532 sambaPrimaryGroupSID: S-1-5-21-112718084-1284083569-2990761952-5057 sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000 00000000 sambaPwdCanChange: 1101921819 shadowLastChange: 12829 sambaAcctFlags: [UX ] sambaPwdMustChange: 1209265396 sambaHomePath: \\fgoserv\pgienger sambaLMPassword: F095287D9161743BAAD3XXXXXXXXXXXX sambaNTPassword: 1C67D5538C78A1C1687CXXXXXXXXXXXX sambaPwdLastSet: 1124478817 userPassword:: e0NSWVBUfWN1LmJIWXVblahblak= Free cookies to anyone...
2010 Aug 26
1
Migrating samba domain to new computer.
Should have read this first: http://samba.org/samba/docs/man/Samba-Guide/upgrades.html#id2600749 Problem is I did it the wrong way on a few production systems. Odds are this is the second time I did it wrong. Running Debian Lenny using smbldap. It mostly works. Existing members of the domain are working OK. The first thing that got my attention is was not able to join