search for: shadowlastchange

...With the following settings in smb.conf: ldap passwd sync = Yes passwd program = /usr/sbin/smbldap-passwd %u passwd chat = New password:%n\nRetype new password:%n\n unix password sync = no ... 1. When I change passwords from Windows, everything is fine except the shadowLastChange field is never updated when shadowMax is nonzero. So the password age feature is not functioning as expected. 2. Later I found shadowLastChange could be updated by smbldap-passwd, so I changed 'unix password sync' from no to yes. In this case, change_oem_password() will return NT...

Hello I have a samba 3 working as a PDC with Ldap as a authentication backend. I have a such problem, when user in windows try to change password to samba by ctr+alt+delete, password is changing (password is also sync and it works fine ), but the ldap attribute shadowLastChange doesnt change. What is wrong? thanks in advance tim

...47;//////////////////////////////////////////// # Update 'userPassword' field if ( $update_unix_passwd ) { my $shadowLastChange=int(time()/86400); my $modify; if ($< != 0) { $modify = $ldap_master->modify ( "$dn", changes => [ replace => [userPassword => "$hash_password"]...

Hello, how can I change the user-passwords correctly in my OpenLDAP during Windows-password-change? My problem: The script does only change "userPassword", but not the field "shadowLastChange", so my unix-passwords expired. unix password sync = yes passwd program = /etc/samba/scripts/ldap_userPassword_change %u passwd chat = *New*password* %n\n *new*password* %n\n *Success* #/etc/samba/scripts/ldap_userPassword_change ldappasswd -x -h server-D ...

I am trying to set up LDAP authentication for CentOS workstations, but can't get it to authenticate properly. Authentication fails saying the account has expired when I know for certain that it has not (e.g. ldapsearch authenticated with the appropriate uid and password returns shadowLastChange 14816 and shadowMax 99999). The last time I did this seriously for authentication was using Apple iMacs authentication against a SuSE Linux machine so it's entirely possible I'm not doing the right thing today. Most of the sites where we're using ldap and nss are not authentication, b...

dear All, I'm trying to set Shadow options in Ldap with the help of phpLDAPadmin. This is *what I know : * */Shadowmax : /maximum nr of days a pw can be valid * /ShadowLastchange : /contains the last change of the shadow file * Shadowwarning : nr of days before expiration to warn user. *What I'm trying *to do is have the users 's passwork expire, that works ok. But how can I have them get a warning message? setting Shadowwarning doesn't seem to be doing it...

Hello everyone! We've got a Samba domain that trusts another Samba domain and a Windows Server 2008 domain. We recently upgraded both Samba DCs from 3.0.x to 3.4.3 After that, whenever a user logs on a workstation in the trusting domain with an account from one of the trusted domains, he gets this message: Your Password expires today. Do you want to change it? Of course, the password

...ISO8859-15" LC_NUMERIC="fr_FR.ISO8859-15" LC_MONETARY="fr_FR.ISO8859-15" LC_MESSAGES="fr_FR.ISO8859-15" LC_ALL= # smbpasswd testuser (#password here is "mdp") New SMB password: Retype new SMB password: # smbldap-usershow testuser dn: (...) (...) shadowLastChange: 14130 userPassword: {CRYPT}$1$lehDK9Nt$cIXRIoy4LWQJSXtzCmwyB1 sambaPwdLastSet: 1220843814 sambaLMPassword: 468f587067043edcaad3b435b51404ee sambaNTPassword: 97c438f12af3ffc2f22bedc986962e6b # openssl passwd -1 -salt 'lehDK9Nt' Password: (input "mdp" as password) $1$lehDK9Nt$...

How does one go about adding a machine account, or even a normal samba account, on a Samba PDC with LDAP back end? I wanted to avoid using something like smbldap-useradd, because I want to actually understand what's going on. I'm assuming it's just some sort of small ldif to add, like I would for adding user, am I wrong? Thanks, Kyle

...eq index sambaPrimaryGroupSID eq index sambaDomainName eq index sambaGroupType eq index sambaSIDList eq index uniqueMember eq lastmod on checkpoint 512 30 access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword by dn="cn=admin,dc=workgroup" write by anonymous auth by self write by * none access to dn.base="" by * read access to * by dn="cn=admin,dc=workgroup" write by * read smbldap-usershow tommy dn: uid=tommy,ou=U...

Dear list, Arghl! (I'm sure you know the feeling). I'm still hooked on Samba by example, and trying to add users to my ldap tree. $ smbldap-useradd -m -a ldaptest2 Can't call method "get_value" on an undefined value at /usr/sbin/smbldap-useradd line 197 The documentation of the smbldap scripts mentions this sort of error (albeit with a different line number).

Hi there. I've a problem with using samba as Primary Domain Controller with backend ldap. Version release (Samba 3.2.5, OpenLDAP 2.4.11) on Debian Lenny. When I try to join the domain with a Windows XP Pro Client, all works fine...profiles updating, logon, ecc..but when I try to join the domain with a Linux Client (Slackware 12.1) I get different errors: client:~# net rpc join -U

Hi, I have an existing OpenLDAP directory, that I want to use as the backend for a Samba 3 instance. I do not want for now making Samba a Domain Controller, but only define in it some shares accessible by users on LDAP. I have imported in my slapd.conf the samba schema, and I have inserted in my smb.conf all the directives for connecting to an LDAP server: passdb backend =

...base dc=xxxxx,dc=ad,dc=rdg,dc=ac,dc=uk binddn cn=xxxuser,cn=users,dc=xxxxx,dc=ad,dc=rdg,dc=ac,dc=uk bindpw xxxpasswd nss_map_objectclass posixAccount user nss_map_objectclass shadowAccount user nss_map_attribute uid sAMAccountName nss_map_attribute homeDirectory unixHomeDirectory nss_map_attribute shadowLastChange pwdLastSet nss_map_objectclass posixGroup group nss_map_attribute uniqueMember member pam_login_attribute sAMAccountName pam_filter objectclass=User pam_password ad xxxuser is a read-only account in the AD. /etc/pam.conf: ... dovecot auth required /opt/RDGpldap&...

CentOS 5.2 with OpenLDAP 2.3.27, nss_ldap_253.13, using TLS, i686 and x86_64. If a user with an expired password (shadowLastChange + shadowMax < current day) logs in to a system where ldap.conf points first to a consumer-only LDAP server, the password change operation (exop) proceeds and fails with: LDAP password information update failed: Referral If I comment out "ssl start_tls", the referral to the master...

Hi list, i got an question about the right acls for my Samba+ldap can someone have an look. acl.conf access to dn.base="" by * read access to dn.base="cn=subSchema" by * read access to attrs=userPassword,userPKCS12 by self write by * auth access to attrs=shadowLastChange by self write by * read access to dn.subtree="ou=adressbuch,dc=test,dc=intern" by users write by * read access to dn.subtree="ou=users,dc=test,dc=intern" by self write by dn="uid=admin,ou=users,dc=test,dc=intern" by * read access to dn.subtree="ou=groups...

...mawhite cn: Mary Alice White givenName: Mary Alice sn: White mail: mawhite@mdah.state.ms.us objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount objectClass: top objectClass: shadowAccount objectClass: hostObject userPassword:: xxxxxxxxxxxxxxxx shadowLastChange: 13923 shadowMax: 99999 shadowWarning: 7 loginShell: /bin/bash uidNumber: 651 homeDirectory: /home/mawhite gecos: Mary Alice White structuralObjectClass: inetOrgPerson creatorsName: cn=Manager,dc=mdah,dc=state,dc=ms,dc=us host: roark host: welty host: manship host: archives4 gidNumb...

...sing: > > [...] > access to dn.base="" > by * read > > access to dn.base="cn=Subschema" > by * read > > access to attrs=userPassword,userPKCS12 > by self write > by * auth > > access to attrs=shadowLastChange > by self write > by * read > > access to * > by * read > > [...] > You could start by disabling those lines and see if the problem disappears. If not, you should probably revise the entire configuration. The "Samba by Example&quot...

...objectClass: shadowAccount objectClass: sambaSamAccount sambaSID: S-1-5-21-112718084-1284083569-2990761952-5532 sambaPrimaryGroupSID: S-1-5-21-112718084-1284083569-2990761952-5057 sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000 00000000 sambaPwdCanChange: 1101921819 shadowLastChange: 12829 sambaAcctFlags: [UX ] sambaPwdMustChange: 1209265396 sambaHomePath: \\fgoserv\pgienger sambaLMPassword: F095287D9161743BAAD3XXXXXXXXXXXX sambaNTPassword: 1C67D5538C78A1C1687CXXXXXXXXXXXX sambaPwdLastSet: 1124478817 userPassword:: e0NSWVBUfWN1LmJIWXVblahblak= Free cookies to anyone...

Should have read this first: http://samba.org/samba/docs/man/Samba-Guide/upgrades.html#id2600749 Problem is I did it the wrong way on a few production systems. Odds are this is the second time I did it wrong. Running Debian Lenny using smbldap. It mostly works. Existing members of the domain are working OK. The first thing that got my attention is was not able to join