similar to: Account Expiry

Yesterday, I've moved all my samba users from a redhat 9 (i386) system to a Centos 5 (x86_64) system. This runs samba-3.0.25-7. The system uses NIS authentication, no shadow files. Now all my Windows users have accounts that expire today! Strangely, if I do a: # pdbedit -L -v mk I get: Password last set: Tue, 18 May 2004 15:04:30 CEST Password can change: Tue, 18 May 2004 15:04:30

Hello, we, a public hospital, would like to migrate to samba4 from our samba3.x environment. According to the documentation samba4 does use a internal ldap server. We use openLDAP as directory for samba horde Oracle name resolution zope user authentication, Checkpoint Firewall authentication (only few users ), squid proxy authentication, logon authentication to our linux servers, logon

I have some weird error with one of my samba installation. When modifying samba password using smbpasswd, samba seems trying to add same attribute (instead of delete and add again), pls see the "MOD" from log file (from different domain) : UNSUCESSFULL Mar 15 17:10:53 hurricane slapd[27056]: conn=29489 op=1 MOD dn="uid=pwreka,ou=people,ou=purwakarta,dc=indorama,dc=com" Mar 15

LDAP Account Manager (LAM) 5.0 - June 30th, 2015 ================================================ LAM is a web frontend for managing accounts stored in an LDAP directory. Announcement: ------------- LAM Pro can notify your users via cron job that their passwords will expire soon. The Windows support was also enhanced. LAM no longer supports Internet Explorer 8. Full changelog:

A user with the X (password doesn't expire) flag on his account was forced to change his password because it expired on a system with pdbedit -P'maximum password age' account policy "maximum password age" description: Maximum password age, in seconds (default: -1 => never expire passwords) What's going on? why is samba ignoring this and expiring passwords anyways?

I am trying to set up LDAP authentication for CentOS workstations, but can't get it to authenticate properly. Authentication fails saying the account has expired when I know for certain that it has not (e.g. ldapsearch authenticated with the appropriate uid and password returns shadowLastChange 14816 and shadowMax 99999). The last time I did this seriously for authentication was using Apple

Hi Rowland, and many thanks for fast reply, When using --noexpiry, the userAccountControl is set to 66048, which disable expiry for password as well (in MS console, "password never expires" is now checked). This means that the password expiry (let say, every 6 month) will never popup again to the user, which is in my sense a wrong behaviour. Is there a way to change ONLY

Hi Rowland and list, I allow myself to give a UP to my message in case someone has an idea. Thanks, --Oliver Le 2023-05-24 15:55, Olivier BILHAUT via samba a ?crit : > Hi Rowland, and many thanks for fast reply, > > When using --noexpiry, > the userAccountControl is set to 66048, which disable expiry for > password as well (in MS console, "password never

Hi list :) I am looking for the right command to achieve my goal. I would like to remove the account expiry date of an ACCOUNT with a samba-tool command (account never expires) Options of "samba-tool user setexpiry" are : --filter=FILTER LDAP Filter to set password on --days=DAYS Days to expiry --noexpiry Unfortunately, the "noexpiry" parameter just set another option

On Wed, 10 Apr 2019 15:21:13 +0100 Stephen via samba <samba at lists.samba.org> wrote: > Hi all, I have a couple of Samba 4 DCs on my network and I created a > new service account LDAPReader on my DCs that my non-Samba > third-party services such as Redmine successfully use to access AD > via the LDAPS protocol. > > I have a couple of questions that relate to having

According to the Rails book, the session object has an attribute called :session_expires, but they don''t encourage its use. Currently I handle session expiry by using a cron job to delete session files that have not been modified in the last X minutes (it is a design/security requirement for this project that sessions expire after a finite period of inactivity). However, this is a

Hi, I get problem of OpenSSH v3.7.1p2 authentication only on AIX that using NIS. Following is the debug message even before I enter my password: Apr 22 11:18:54 db309a sshd[413700]: Connection from 172.16.59.210 port 44654 Apr 22 11:18:54 db309a sshd[413700]: User spowell password expired too long Apr 22 11:18:54 db309a sshd[413700]: Failed none for illegal user spowell from 172.16.59.210

When samba password has been expired, user are force to change their password from client WS. Samba will modify sambaPwdMustChange attribute and the value seems always "2147483647", this not happen when changin password with smbpasswd. >From where samba calculate value for "sambaPwdMustChange"? is it constant? Is it possible to specify different value? Tks.

On Wed, 10 Apr 2019 16:25:47 +0100 Stephen via samba <samba at lists.samba.org> wrote: > To be honest, the 'Dynamic Bind' method doesn't seem that secure to > me, anybody could 'pretend' to be someone else. > > Rowland > > True! I agree with you Rowland that is a weakness. Unfortunately that > is a universal weakness shared by all password-based

Hi all, I have a couple of Samba 4 DCs on my network and I created a new service account LDAPReader on my DCs that my non-Samba third-party services such as Redmine successfully use to access AD via the LDAPS protocol. I have a couple of questions that relate to having service account of this nature implemented in Samba and I wondered if the group could possibly provide some advice? 1)

Hello all=20 =20 First of all Sorry for the long e-mail =20 I am trying to get samba working as a domain member and store the idmap = in a ldap database. =20 The join is successful and all commands are working like it should = wbinfo =96u, wbinfo =96g kinit enz But the id administrator command gives me the following =20 # id administrator id: administrator: no such user =20 If I do

Hi, Use pwdLastSet + your AD password policy to know when password will expire. Expiration will happen at pwdLastSet + how long this password is valid. Cheers, mathias 2015-11-26 6:40 GMT+01:00 Amaury Viera Hernández <avhernandez at uci.cu>: > Hi every one: > I'm using samba4 as domain controller and a I want to check every 1 hour > in my mail server the password

Sorry to hop on an existing conversation but this seemed like a good point to jump in with this question. Say I have a service account, with a random password that is set to never expire. What component is expected to periodically renew (or request anew) the Kerberos TGT using that password? I see lots of information about SSSD handling this, but less so with Samba. Also, I understand that in

I am having a problem with usernames that are longer than 8 characters on the following system types: Solaris 8, Solaris 9 OpenSSH 4.2p1 OpenSSL 0.9.8a When logging in with an SSH client like PuTTY, OpenSSH or SecureCRT, the username is truncated when the password is asked to be changed. Below is output from a PuTTY session when logging in to a system with an expired password and a username

To be honest, the 'Dynamic Bind' method doesn't seem that secure to me, anybody could 'pretend' to be someone else. Rowland True! I agree with you Rowland that is a weakness. Unfortunately that is a universal weakness shared by all password-based authentication methods. I guess you would have to go with SSH-style encryption keys and certificates to circumvent that problem