similar to: pam_winbind fails with "never expires" password

More info on the problem that users could access shares, but not login, if their passwords were "expired" by days, but had "password never expires" flagged. During further experimentation, I discovered (I'm not a Windows person) that in addition to flagging a user as "password never expires", there is an account policy flag specifying the same thing globally.

Sorry for the repost, but I've not gotten any response and the problem persists. Does anyone have any idea how to fix? =================================== I read a few posts in the archives about this problem and that it was to be fixed in 3.0.23c. Currently I'm running 3.0.23d-2+b1 on a debian system and am getting the following: $ ssh -l testuser fileserver Password: Your password

I read a few posts in the archives about this problem and that it was to be fixed in 3.0.23c. Currently I'm running 3.0.23d-2+b1 on a debian system and am getting the following: $ ssh -l testuser fileserver Password: Your password has expired Here's what auth.log shows: Jan 4 11:46:26 tmcsamba1 pam_winbind[14309]: user 'DOMAIN1+testuser' OK Jan 4 11:46:26 tmcsamba1

We have set option "password never expires" for a user with "pdbedit -u username -c "[X]"". The user must not change his password, but gets a message, that "Password expires today. Do you want to change". This is confusing. regards Mathias Wohlfarth

I am currently running the latest build of samba-3.0.23a with a tdbsam backend. I have noticed for sometime now when I use pdbedit -c [X] username it sets the Account Flag X for password never expires but does not modify the Password must change for the user. Therefore even though the account flag is set the password still expires. Any thoughts would be greatly appreciated.

Hi all, Since a few months ago Samba ask each of our users to change password at log on every month and I have not been able to disable it. I found this page and follow the instructions: http://playingwithsid.blogspot.com/2010/12/change-samba-password-expiry-setting.html The default 'Password Must Change' policy was set to never and pdbedit shows 'Password Must Change: never'

Hi! I was doing some tests with a samba 3.0.2a server set up to be a wins server and to do dns proxy, and I have found that when you queried nmbd for a name ahta was not on wins db or found on DNS, the negative response is cached either for a really long time or forever, in such a way that even though you add the name to the DNS, you won't get a positive answer out of nmbd anymore. I have

Hello all This patch tries to remove a few bugs from smbmount. It would be nice to get some testing+feedback on this from others using smbmount and possibly get these things fixed for the next release of samba. It does the following: * Change lib/debug.c to allow changing your mind on being interactive. A second call to setup_logging should now replace the effects of a previous call. (hmm,

Hello, You will find in attachment the layout of my current physical configuration. For now, the Cable ISP is not used. Since it is a dynamic ISP, my mailserver is rejected and my domain name registers on blacklists like ORDB and al. I want it to be used as a default gateway except for my mail server that would be seen as coming from my "honest" ADSL ISP. Here is

I thought that I would post this and see what others think. I wanted a way to authenticate mail users with pass through auth to a win2k box, so I don't have to add accounts on our mail server, just the 2k box. But the problem is a way for them to change their password off-site. So I've been trying to get poppassd (1.8.4 - current) to work with the pam_winbind.so module with very limited

Samba is throwing this when trying to build version 3.5.15: =================================================== Compiling ../nsswitch/pam_winbind.c ../nsswitch/pam_winbind.c: In function ?_pam_parse?: ../nsswitch/pam_winbind.c:440:76: warning: comparison between pointer and integer ../nsswitch/pam_winbind.c:445:7: warning: comparison between pointer and integer ../nsswitch/pam_winbind.c:447:7:

I'm working on a PAM setup that will ignore winbind/AD completely for users listed in /etc/passwd, and do the samba thing for all other users. Mostly it seems to work, but there's one weird side-effect. For non-AD users (only), an AD group "BUILTIN+users" is being added as a secondary group. If I kill winbind, it still gets added, although only the gid is available (no name).

Hello all, I have successfully setup winbind with clients pointing to a central ldap server, and have had great results for ssh service logins, however i get wierd problems with gdm login attempts after winbind has been running for a while. Oct 10 14:45:26 ctilinux6 pam_winbind[2398]: request failed, but PAM error 0! Oct 10 14:45:26 ctilinux6 pam_winbind[2398]: internal module error (retval = 3,

Hello to all, I am trying to setup samba 2.2.2 with winbind and i have gone through all the documentation that i could find in regards to this. Everything has been going smoothly up until now. The html docs for setting up winbind states that i should copy "pam_winbind.so" from the /samba/source/nsswitch/ to /lib/security/, simple enough but i do not have "pam_winbind.so" in

Hi. I have some shares on a server that are offered to specific Active Directory user groups, but the business doesn't want those users to be able to login to the server. If I were to add "require_membership_of" to pam_winbind to limit logins and shut out the users I don't want, would it also have the side effect of denying those users access to the shares as well? Regards,

Hi, i have installed the pam_winbind.so Library to authentificate the User again ADS. It works fine, but the User will disconnect after the timeout to wait before abandoning a login session you can configure in /etc/default/login. With pam_winbind.so of samba 3.0.7 it works without any error with the same pam.conf Konfiguration. I use solaris 8. Whats wrong ?? regards, Peter Naber

this problem might be more to do with apache than winbind, but I'll start here anyway... Problem: can't get apache httpauth to work with nested groups, though ssh auth (also using pam) to same box does Config: -------------------------------------------------------- software: apache 2.0.55, libapache2-mod-auth-pam 1.1.1, and winbind 3.0.22 pertinent apache config:

Hi All, I am having trouble compiling Samba 3.0.8pre1 with pam_winbind. I am using the following configure string. ./configure --prefix=/usr/local/samba --exec-prefix=/usr/local/samba --with-libiconv=/usr/local/lib --with-ldap=/opt/csw --with-krb5=/usr/local/krb5 --with-automount --with-pam --with-ldapsam --with-utmp --with-libsmbclient --with-winbind ... and I get the following output

Hello List, I have successfully integrated samba 3 to ADS Domain, and now i want to allow domain-users to access services on my linux box. For testing i chose /etc/pam.d/login and tried to allow ADS Users access to the console. But i always get the following errors: Mar 12 12:45:59 cuba90 pam_winbind[9011]: user 'r-ermer+mfeilner' granted acces Mar 12 12:45:59 cuba90 login[9011]: User

Hey list, I'm wondering if there is any advantage to be gained by using kerberos with pam_winbind. I've configured pam_winbind and enabled krb5_auth though apart from being granted a ticket, I'm unsure as to any advantage that would be gained by enabling Kerberos. Thanks, Matt Delves -- --------------------------------------------- Matthew Delves System Administrator Information