search for: shadowwarning

dear All, I'm trying to set Shadow options in Ldap with the help of phpLDAPadmin. This is *what I know : * */Shadowmax : /maximum nr of days a pw can be valid * /ShadowLastchange : /contains the last change of the shadow file * Shadowwarning : nr of days before expiration to warn user. *What I'm trying *to do is have the users 's passwork expire, that works ok. But how can I have them get a warning message? setting Shadowwarning doesn't seem to be doing it. Do I have to set Shadowexpire as well for this? *Also, *how can...

...mel at pasteur.fr> | P?le informatique - syst?mes et r?seau -------- Here are some details about which attribute we're planning to use and their TCB equivalents uidNumber ~ u_id uid ~ u_name userPassword ~ u_pwd shadowLastChange ~ u_succhg shadowExpire ~ u_expdate shadowMax ~ u_life shadowWarning ~ u_exp [ shadowWarning = u_life - u_exp] plus the one we wrote : maxTries ~ u_maxtries [ maximum number of consecutive unsuccessful login attempts to the account that are permitted until the account is disabled ] numUnsucLog ~ u_numunsuclog [ number of unsuccessful login attempts to the...

How does one go about adding a machine account, or even a normal samba account, on a Samba PDC with LDAP back end? I wanted to avoid using something like smbldap-useradd, because I want to actually understand what's going on. I'm assuming it's just some sort of small ldif to add, like I would for adding user, am I wrong? Thanks, Kyle

Hi there. I've a problem with using samba as Primary Domain Controller with backend ldap. Version release (Samba 3.2.5, OpenLDAP 2.4.11) on Debian Lenny. When I try to join the domain with a Windows XP Pro Client, all works fine...profiles updating, logon, ecc..but when I try to join the domain with a Linux Client (Slackware 12.1) I get different errors: client:~# net rpc join -U

...example,dc=local> with scope sub # filter: (objectclass=*) # requesting: ALL # # testuser, People, example.local dn: uid=testuser,ou=People,dc=example,dc=local uid: testuser cn: Sean Cook objectClass: account objectClass: posixAccount objectClass: top objectClass: shadowAccount shadowMax: 99999 shadowWarning: 7 loginShell: /bin/bash uidNumber: 547 gidNumber: 500 homeDirectory: /home/testuser # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 I think the issue might be with PAM, because comparing all files I can think of doesnt point me to any differences...

...Mary Alice sn: White mail: mawhite@mdah.state.ms.us objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount objectClass: top objectClass: shadowAccount objectClass: hostObject userPassword:: xxxxxxxxxxxxxxxx shadowLastChange: 13923 shadowMax: 99999 shadowWarning: 7 loginShell: /bin/bash uidNumber: 651 homeDirectory: /home/mawhite gecos: Mary Alice White structuralObjectClass: inetOrgPerson creatorsName: cn=Manager,dc=mdah,dc=state,dc=ms,dc=us host: roark host: welty host: manship host: archives4 gidNumber: 100

Should have read this first: http://samba.org/samba/docs/man/Samba-Guide/upgrades.html#id2600749 Problem is I did it the wrong way on a few production systems. Odds are this is the second time I did it wrong. Running Debian Lenny using smbldap. It mostly works. Existing members of the domain are working OK. The first thing that got my attention is was not able to join

...the account has expired. The LDAP attributes that I think are relevant on a test account are below. I don't see anything here that looks hinky, but then I am fairly ignorant on PAM authentication. shadowExpire 0 shadowFlag 0 shadowInactive 0 shadowLastChange 14816 shadowMax 99999 shadowMin 0 shadowWarning 7 Bill -- INTERNET: bill at celestial.com Bill Campbell; Celestial Software LLC URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way Voice: (206) 236-1676 Mercer Island, WA 98040-0820 Fax: (206) 232-9186 Skype: jwccsllc (206) 855-5792 "I ask, s...

...s: posixAccount objectClass: shadowAccount uid: rsync cn: Rsync sn: User displayName: Rsync User mail: rsync@localhost initials: rsu telephoneNumber: 406-228-2850 mobile: 406-228-2850 postalAddress: 101 Airport Road carLicense: xxxxxx userPassword: {crypt}!! shadowLastChange: 13798 shadowMax: 99999 shadowWarning: 7 loginShell: /bin/bash uidNumber: 586 gidNumber: 586 homeDirectory: /home/rsync gecos: Rsync User

...s: shadowAccount userPassword:: eHh4 shadowLastChange: 10000 facsimileTelephoneNumber: 01.43.21.54.75 uid: mwerly uidNumber: 12164 cn: Marc WERLY shadowInactive: -1 loginShell: /bin/bash shadowMin: 0 gidNumber: 100 shadowMax: 999999 gecos: mwerly homeDirectory: /home/mwerly sn: Marc shadowWarning: 99 1 it seems unable to authenticate with pop3-login: Login: mwerly [192.168.1.7] Aug 31 17:47:35 dental01 pop3: I/O leak: 0x8050d70 (0) Aug 31 17:47:35 dental01 pop3: I/O leak: 0x8084db0 (1) :o( 2 if I comment user_global_uid = 1000 user_global_gid = 1000 dovecot can't get uidnumber...

Dear all, i have a problem with sssd in conjunction with ldap on a centos 7 x86_64 box. ldap works fine. I can login there as an usual user registred in ldap. I want now restrict the access with ldap's host attribute. This is beeing ignored. Still every ldap user can login, no matter what the host attribute says. I googled around and only found that sssd.conf need two lines: access_provider

Hi all. First, sorry for my poor english. I'm using samba on debian stable as PDC with backend ldap on a small network. Sometimes, and I don't know exactly when and why, there's a problem when clients XP3 joins domain (it blocks on next window just after login while receiving profile , sorry I don't know the message in english version), and this, only on 2 physical

Hi, I am trying to set up a Fedora Directory server for centralised authentication. I configure the directory server, add a user called (via the Java GUI) test and then, using system-config-authentication, enable LDAP on both tabs. I then try to log-in using the test account I set up on the directory, but I get an error message in /var/log/messages: May 30 16:28:27 ds1

Hi all, I've been using samba for a few years now on a couple of file servers with a tdbsam backend for our user accounts. We use openldap for the vast majority of our identity management, so I would love to be able to tie into this. We recently started using sambaNTPassword in openldap for radius authentication, so this is populated for most of our users now. >From reading through

...tate,dc=ms,dc=us uid: root cn: root sn: root mail: root@mdah.state.ms.us objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount objectClass: top objectClass: shadowAccount userPassword:: xxxxxxxxxxxxxxxxxxx shadowLastChange: 13704 shadowMax: 99999 shadowWarning: 7 loginShell: /bin/bash uidNumber: 0 gidNumber: 0 homeDirectory: /root gecos: root # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 [root@gomer samba]# ps ax|grep winbind 6511 pts/1 S+ 0:00 grep winbind 29280 ? Ss 0:00 winbindd 292...

...unt objectClass: qmailUser objectClass: sambaSamAccount uid: USER1 uidNumber: **** shadowFlag: 0 shadowInactive: -1 gidNumber: *** shadowMin: -1 shadowMax: 999999 homeDirectory: /home/USER1 sn: USER1 mail: USER1 at my.doma.in mailHost: lmtp:unix:/var/lib/imap/socket/lmtp shadowWarning: 7 sambaSID: ***************************************** shadowExpire: -1 mailAlternateAddress: USER1a cn: surname lastname gecos: surname lastname loginShell: /bin/bash host: another-node What information is still missing? Any hint is welcome. Thank you in advance, ulrich

...tag=101 err=0 nentries=1 text= Mar 11 16:01:43 compaq slapd[487]: conn=283 op=2 SRCH base="dc=login" scope=2 filter="(&(objectClass=shadowAccount)(uid=test3))" Mar 11 16:01:43 compaq slapd[487]: conn=283 op=2 SRCH attr=uid userPassword shadowLastChange shadowMax shadowMin shadowWarning shadowInactive shadowExpire shadowFlag Mar 11 16:01:43 compaq slapd[487]: conn=283 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text= Mar 11 16:01:45 compaq slapd[395]: conn=283 fd=22 closed 7) My primary focus is to add the machines to domain, but i would like help with both issues if anyone c...

Doesn't anyone here know how to authenticate hosts in the group 'Domain Controllers' such that you don't have to set 'ldap admin dn' to the ldap server's root dn? What's the big deal? Why is this such a secret? Everytime I ask about it I get dead silence. It doesn't seem to matter what list I am on either. Jim C. --

Hello, Hopefully I'm in the right place asking for help :-) I need to move from an old physical Suse 8.2 - samba 2.2.7 + ldap - to latest samba versions, I would like to use an ubuntu 8.04 virtual machine. The domain is in production on the physical server, to be dismissed after migration. It is also the file server!!! so /DATA/ has all shared and permission driven file access.. I