search for: shadowmax

...;boites) I made the userdb (prefetch) return the system_user extra_field (for now, I'm using an used LDAP attribute - I will create a new attribute in my schema later) : pass_attrs = uid=user,userPassword=password,homeDirectory=userdb_home,,,uidNumber=userdb_uid,gidNumber=userdb_gid,shadowMax=userdb_system_user and it seems to be actually returned : Jan 27 09:34:10 munster3 dovecot: auth(default): ldap(foobar,157.99.64.42): result: uid(user)=foobar uidNumber(userdb_uid)=xxx gidNumber(userdb_gid)=xxx homeDirectory(userdb_home)=/home1/xxx/foobar userPassword(password)=...

...1 root doveshared 0 Jan 26 18:25 public/.box/dovecot-shared provided that my prefetch userdb returns system_user, as I think the following says in dovecot-ldap.conf : pass_attrs = uid=user,userPassword=password,homeDirectory=userdb_home,,,uidNumber=userdb_uid,gidNumber=userdb_gid,shadowMax=userdb_system_user and providedt that in LDAP shadowMax: 80 (whatever value). But this doesn't seem to work. By the way : Am I supposed to have a dovecot-shared file in public as well (that is not only in public/.box) ? 3) let's say I try ACLs with the same setup (anyone <all per...

...to set up LDAP authentication for CentOS workstations, but can't get it to authenticate properly. Authentication fails saying the account has expired when I know for certain that it has not (e.g. ldapsearch authenticated with the appropriate uid and password returns shadowLastChange 14816 and shadowMax 99999). The last time I did this seriously for authentication was using Apple iMacs authentication against a SuSE Linux machine so it's entirely possible I'm not doing the right thing today. Most of the sites where we're using ldap and nss are not authentication, but simply going to u...

...ge. Then i use smbldap-passwd <user> i get an error: smbldap-passwd test Changing UNIX and samba passwords for test New password: Retype new password: Use of uninitialized value in string at /usr/sbin/smbldap-passwd line 277, <STDIN> line 2. Failed to modify UNIX password: shadowMax: value #0 invalid per syntax at /usr/sbin/smbldap-passwd line 285, <STDIN> line 2. In 5.0 it works without errors. I hope you can help me Tanks, Sebastian Here is the part of the file //////////////////...

dear All, I'm trying to set Shadow options in Ldap with the help of phpLDAPadmin. This is *what I know : * */Shadowmax : /maximum nr of days a pw can be valid * /ShadowLastchange : /contains the last change of the shadow file * Shadowwarning : nr of days before expiration to warn user. *What I'm trying *to do is have the users 's passwork expire, that works ok. But how can I have them get a war...

...ldap passwd sync = Yes passwd program = /usr/sbin/smbldap-passwd %u passwd chat = New password:%n\nRetype new password:%n\n unix password sync = no ... 1. When I change passwords from Windows, everything is fine except the shadowLastChange field is never updated when shadowMax is nonzero. So the password age feature is not functioning as expected. 2. Later I found shadowLastChange could be updated by smbldap-passwd, so I changed 'unix password sync' from no to yes. In this case, change_oem_password() will return NT_STATUS_ACCESS_DENIED when the passwor...

How does one go about adding a machine account, or even a normal samba account, on a Samba PDC with LDAP back end? I wanted to avoid using something like smbldap-useradd, because I want to actually understand what's going on. I'm assuming it's just some sort of small ldif to add, like I would for adding user, am I wrong? Thanks, Kyle

Hi there. I've a problem with using samba as Primary Domain Controller with backend ldap. Version release (Samba 3.2.5, OpenLDAP 2.4.11) on Debian Lenny. When I try to join the domain with a Windows XP Pro Client, all works fine...profiles updating, logon, ecc..but when I try to join the domain with a Linux Client (Slackware 12.1) I get different errors: client:~# net rpc join -U

...ser,ou=People,dc=example,dc=local> with scope sub # filter: (objectclass=*) # requesting: ALL # # testuser, People, example.local dn: uid=testuser,ou=People,dc=example,dc=local uid: testuser cn: Sean Cook objectClass: account objectClass: posixAccount objectClass: top objectClass: shadowAccount shadowMax: 99999 shadowWarning: 7 loginShell: /bin/bash uidNumber: 547 gidNumber: 500 homeDirectory: /home/testuser # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 I think the issue might be with PAM, because comparing all files I can think of doesnt point...

CentOS 5.2 with OpenLDAP 2.3.27, nss_ldap_253.13, using TLS, i686 and x86_64. If a user with an expired password (shadowLastChange + shadowMax < current day) logs in to a system where ldap.conf points first to a consumer-only LDAP server, the password change operation (exop) proceeds and fails with: LDAP password information update failed: Referral If I comment out "ssl start_tls", the referral to the master is followed...

...White givenName: Mary Alice sn: White mail: mawhite@mdah.state.ms.us objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount objectClass: top objectClass: shadowAccount objectClass: hostObject userPassword:: xxxxxxxxxxxxxxxx shadowLastChange: 13923 shadowMax: 99999 shadowWarning: 7 loginShell: /bin/bash uidNumber: 651 homeDirectory: /home/mawhite gecos: Mary Alice White structuralObjectClass: inetOrgPerson creatorsName: cn=Manager,dc=mdah,dc=state,dc=ms,dc=us host: roark host: welty host: manship host: archives4 gidNumber: 100

Should have read this first: http://samba.org/samba/docs/man/Samba-Guide/upgrades.html#id2600749 Problem is I did it the wrong way on a few production systems. Odds are this is the second time I did it wrong. Running Debian Lenny using smbldap. It mostly works. Existing members of the domain are working OK. The first thing that got my attention is was not able to join

...Person objectClass: posixAccount objectClass: shadowAccount uid: rsync cn: Rsync sn: User displayName: Rsync User mail: rsync@localhost initials: rsu telephoneNumber: 406-228-2850 mobile: 406-228-2850 postalAddress: 101 Airport Road carLicense: xxxxxx userPassword: {crypt}!! shadowLastChange: 13798 shadowMax: 99999 shadowWarning: 7 loginShell: /bin/bash uidNumber: 586 gidNumber: 586 homeDirectory: /home/rsync gecos: Rsync User

...ationalPerson objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount userPassword:: eHh4 shadowLastChange: 10000 facsimileTelephoneNumber: 01.43.21.54.75 uid: mwerly uidNumber: 12164 cn: Marc WERLY shadowInactive: -1 loginShell: /bin/bash shadowMin: 0 gidNumber: 100 shadowMax: 999999 gecos: mwerly homeDirectory: /home/mwerly sn: Marc shadowWarning: 99 1 it seems unable to authenticate with pop3-login: Login: mwerly [192.168.1.7] Aug 31 17:47:35 dental01 pop3: I/O leak: 0x8050d70 (0) Aug 31 17:47:35 dental01 pop3: I/O leak: 0x8084db0 (1) :o( 2 if I comm...

...aris, France <hummel at pasteur.fr> | P?le informatique - syst?mes et r?seau -------- Here are some details about which attribute we're planning to use and their TCB equivalents uidNumber ~ u_id uid ~ u_name userPassword ~ u_pwd shadowLastChange ~ u_succhg shadowExpire ~ u_expdate shadowMax ~ u_life shadowWarning ~ u_exp [ shadowWarning = u_life - u_exp] plus the one we wrote : maxTries ~ u_maxtries [ maximum number of consecutive unsuccessful login attempts to the account that are permitted until the account is disabled ] numUnsucLog ~ u_numunsuclog [ number of unsuccessf...

Dear all, i have a problem with sssd in conjunction with ldap on a centos 7 x86_64 box. ldap works fine. I can login there as an usual user registred in ldap. I want now restrict the access with ldap's host attribute. This is beeing ignored. Still every ldap user can login, no matter what the host attribute says. I googled around and only found that sssd.conf need two lines: access_provider

Hi all. First, sorry for my poor english. I'm using samba on debian stable as PDC with backend ldap on a small network. Sometimes, and I don't know exactly when and why, there's a problem when clients XP3 joins domain (it blocks on next window just after login while receiving profile , sorry I don't know the message in english version), and this, only on 2 physical

Hi, I am trying to set up a Fedora Directory server for centralised authentication. I configure the directory server, add a user called (via the Java GUI) test and then, using system-config-authentication, enable LDAP on both tabs. I then try to log-in using the test account I set up on the directory, but I get an error message in /var/log/messages: May 30 16:28:27 ds1

...ocalAddress: tommy mail: tommy at workgroup sambaLMPassword: CCF9155E3E7DB453AAD3B435B51404EE sambaAcctFlags: [U] sambaNTPassword: 3DBDE697D71690A769204BEB12283678 sambaPwdLastSet: 1259217976 sambaPwdMustChange: 1290753976 userPassword: {SSHA}baNet7XxM3EaPORUnwRCYNSXTlF0cE5z shadowLastChange: 14574 shadowMax: 365 smbd --version Version 3.2.5 debian lenny slapd -V @(#) $OpenLDAP: slapd 2.4.11 (Oct 12 2008 04:13:21) $ buildd at ninsei:/build/buildd/openldap-2.4.11/debian/build/servers/slapd Thanks in advance

Hi all, I've been using samba for a few years now on a couple of file servers with a tdbsam backend for our user accounts. We use openldap for the vast majority of our identity management, so I would love to be able to tie into this. We recently started using sambaNTPassword in openldap for radius authentication, so this is populated for most of our users now. >From reading through