similar to: Samba Password Aging

Greetings ... A quick question more to confirm a few things reguarding SMB passwords, which I hope might be able to look at for password aging. I saw some discussion on samba-tech list, but nothing conclusive. LM and NT hashs don't have a salt? Do they? ... In other words, a password "password" LM hashed, always comes out as "E52CAC67419A9A224A3B108F3FA6CB6D" not

What are my options for implementing password aging using samba as my PDC ? I can set the users Linux password to expire, but it doesn't seem to propagate to their samba passwords. I absolutely need this functionality. Is OpenLDAP the answer? Joseph Morin

I'm looking at the password aging and account lock checks in auth.c:allowed_user(), and specifically their behaviour on HP-UX. First, should this code be ifdef'd away if we're using PAM? Next: /* Check account expiry */ if ((spw->sp_expire > 0) && (days > spw->sp_expire)) return 0; If I lock an account by entering too many incorrect passwords, sp_expire

Hi guys... I setup samba 2.2.5 as a PDC ... I have w2k clients. It seems that now I am prompted to change my password because it is going to expire Could you guys tell me how and where to disable password expiry? cheers`

Hi, I've seen many people complaining winbind can't handle expired Windows AD accounts and doesn't ask to change them. Is it something people can't just configure properly or it is not supported by design? Have anyone had luck getting it working properly? Thanks!

I'm using Samba marked 2.999+3.0cvs20020723 from Debian `sid'. In smb.conf, I've got: passdb backend = ldapsam:ldaps://master.ldap.server ldapsam:ldaps://backup.ldap.server tdbsam All works fine when both ldap servers are up, or when at least the first is up. When the first is down, though, samba tries to connect to it, doesn't manage to, and gives up instead of trying the

I've just found out that Samba (rather correctly) implements a nice and low password expiry date through the tdbsam backend, and I believe the "maximum password age" value. However, I can't, for the life of me, actually /set/ this thing. I've tried this: # pdbedit -u <username> -r -P "maximum password age" -C 100 And without the -r, and with various

I am using Samba Version 2.999+3.0cvs20020906-1 for Debian. I can use it fine FROM windows to access files on my linux computer. These two are the only computers on my workgroup. I am unable to conenct to my Windows XP PRO SP1 computer. Any ideas? When I do smbclient //TENSOR/mp3 -U Administrator I get: added interface ip=192.168.0.102 bcast=192.168.0.255 nmask=255.255.255.0 Password: Doing

I am using PAM and pam_smbpass.so with Samba 2.999 (Debian sid package). If, in /etc/pam.d/samba, I set session required pam_smbpass.so then login fails, and the log says: [2002/08/04 15:43:26, 0] auth/pampass.c:smb_pam_error_handler(73) smb_pam_error_handler: PAM: session setup failed : Module is unknown [2002/08/04 15:43:26, 1] smbd/session.c:session_claim(103) pam_session

Is password aging/expiration a functional feature in Samba 3? I have compiled and installed the alpha 12 release and while I can set password aging in the account policies via NT's account manager, Samba 3 does not seem to be honoring it. __________________________________________________ Do You Yahoo!? Send your FREE holiday greetings online! http://greetings.yahoo.com

Folks, I get this when I try to run 'bootstrap' to rebuild Xapian from scratch. This is the current revision from the svn repository today (8400). Any suggestions on what other package may be needed (both gcc and g++ are installed). ken@mercury:~/sandbox/xapian/trunk$ ./bootstrap Bootstrapping `xapian-core' aclocal: configure.ac: 130: macro `AM_CXXFLAGS' not found in library

Ok, so, things are complicated. The PAM standard insists on password aging being done after account authorization, which comes after user authentication. Kerberos can't authenticate users whose passwords are expired. So PAM_KRB5 implementations tend to return PAM_SUCCESS from pam_krb5:pam_sm_authenticate() and arrange for pam_krb5:pam_sm_acct_mgmt() to return PAM_NEW_AUTHTOK_REQD, as

I've compiled 3.7.1p2 on AIX 5.1 w/pam compiled in, but not enable in the sshd_config. Also applied Darrens 3.7.1p2 patch25. I am having issues w/password aging when maxage is set to anything >0. i dont believe this function was ever working (at least not in 3.5p1). Can anyone verify this? Thanks, Ryan __________________________________ Do you Yahoo!? Protect your identity with Yahoo!

First, my config: Solaris 8 PADL pam_ldap v165 and pam_nss v211 OpenSSH 3.7.1.p2 All compiled with gcc 2.95.3 that ships with the Sun companion CD LDAP PAM authentication is working well with OpenSSH, privsep is disabled, challenge-response authentication is enabled. I would like to turn on password aging, which seems to be well supported by pam_ldap. Logins going through /bin/login correctly

Hi all, What exactly is the difference between ldap and ldapsam compilations? What functional differences are there for samba? I assume you can do user authentication with just ldap? Is ldapsam only necessary for PDC functionality? There seems to be loads of documentation on Samba-as-PDC-to-LDAP, but virtually none that I could find for just samba-to-ldap (over TLS, so no PAM) user

Anyone have password aging working in Openldap 2.2.13-7 on Centos? The system continues to prompt for a new password regardless of whether it's been changed or not. Thanks -- Flambeau Inc. Technology Center - Baraboo, WI Email : tblader at flambeau.com Keyserver: http://pgp.mit.edu KeyID: 0x00E9EC2C

I use dovecot with shadow support and i have a problem with aging password, if the password is ended dovecot continue to log me in... It's possibile to disable login if the password is ended? Hi, Jacopo -- Linux, Windows Xp ed MS-DOS (anche conosciuti come il Bello, il Brutto ed il Cattivo). -- Matt Welsh

Vesion 3.8.1 of OpenSSH has been compiled on a Solaris 8 host. I am having difficulties in enabling password aging to work from reading /etc/default/passwd and /etc/shadow. # passwd -f < user-id > works satisfactorily however once a password ages through due course from the settings in /etc/default/passwd and /etc/shadow the users are not prompted to change passwords and the user is logged

Our server is only opened 22 sshd port... We wants our server secuirty is more higher, so decide to password aging policy... Linux command is "chage" is very useful, but openssh3.3 higher version is not effected... [root at radius ~]# chage -l test Minimum: 0 Maximum: 2 Warning: 2 Inactive: 2 Last Change: May 09, 2003 Password Expires: May

Ok, I'm rigging myself up a Samba 3 PDC for a variety of Windows clients. Anything from 98 on up to XP and everything in between. For the most part it hasn't been a big deal. I've got a couple of questions I want to run by the list and see if anyone has figured this one out. My first question is about the [profiles] share. Is this share really needed? The documentation never