Displaying 20 results from an estimated 10000 matches similar to: "Password expires every month even though 'Password Must Change' is set to 'never' (Samba+LDAP)"
2006 Aug 09
1
pam_winbind fails with "never expires" password
I'm helping a school district set up Samba for staff/student shares. The
PDC/BDCs are running NT4. Samba is v 3.0.23a on Fedora Core 5
boxes. winbind is mapping the users. Access to shares through Windows
clients or smbclient works perfectly.
There is a desire to have some faculty access the server using, e.g., an
ssh client (mostly for remote file access). When I try to log in
2005 Jun 02
5
Samba Password Expiry Date
Hi,
i have configured a Samba PDC based on idealx.org.
now, whenever i set the sambaMustChangePassword flag to 0, then
from the subsequent logon, there is a popup urge me for changing password.
now, the problem is after i have changed the password, the
sambaMustChangePassword
is set to 2147483647(unix timestamp), which if i converted it into human
readable format, it will be 2038 year,
2006 Aug 03
1
Account Flag X -Password Never Expires Problem
I am currently running the latest build of samba-3.0.23a with a tdbsam
backend. I have noticed for sometime now when I use pdbedit -c [X] username
it sets the Account Flag X for password never expires but does not modify
the Password must change for the user. Therefore even though the account
flag is set the password still expires. Any thoughts would be greatly
appreciated.
2003 Sep 30
1
Modifying password expiry dates
I've just found out that Samba (rather correctly) implements a nice and low
password expiry date through the tdbsam backend, and I believe the "maximum
password age" value.
However, I can't, for the life of me, actually /set/ this thing. I've tried
this:
# pdbedit -u <username> -r -P "maximum password age" -C 100
And without the -r, and with various
2017 Feb 02
2
How to get password expiration?
On 02/02/2017 15:17, mathias dufresne wrote:
> So, back to ldapsearch -Y GSSAPI (if your users generate kerberos
> ticket at connection time) to retrieve LDAP attribute PwdLastSet. It's
> not an UNIX timestamp, it should be called LDAP time stamp or 18-digit
> LDAP timestamp...
Aside: it's a Microsoft Win32 FILETIME. (The LDAP standard uses ISO times)
pwdLastSet
2005 Nov 28
2
Samba password expiry time
I have found that when passwords are reset from a windows machine, the
default password expiry period is around 40 days. I would like to change
this to say 90 days, but have been unable to find a way.
I tried the option "password expire time" but testparm doesn't seem to
recognise it.
There is nothing in the official Samba How-to about this.
Has anyone managed to set thier
2007 Jun 06
2
Change password expiry date for ALL users?
Hello,
I want to set the expiry date for passwords for all users with one
command. As --pwd-must-change-time only works for a single user and
policy settings are not applied after a change, I was wondering how to
solve this. Is the only way to write a script which runs "pdbedit
--pwd-must-change-time..." for every user?
greets Jimmy
--
Andreas "Jimmy"
2004 Nov 09
0
Option "password never expires" does not work correctly
We have set option "password never expires" for a user with "pdbedit -u
username -c "[X]"". The user must not change his password, but gets a
message, that "Password expires today. Do you want to change". This is
confusing.
regards Mathias Wohlfarth
2002 Feb 22
1
Antwort: Password about to expire -- Turn Windlows Client Password Ageing Off?
Hi,
there is a "X" value for the acount flags in smbpasswd ... it means no
password expiry! I found it on passdb/passdb.c. If it work?s, maybe I
don?t no! Also the password expire time ist hard coded in passwd.c too ...
set to infinity.
Take a look at the passwd.c code!
Regards, Thomas
Gesendet von: samba-admin@lists.samba.org
An: <samba@lists.samba.org>
Kopie:
2023 May 24
1
samba-tool : how to remove expiry date of an account
Hi Rowland, and many thanks for fast reply,
When using --noexpiry,
the userAccountControl is set to 66048, which disable expiry for
password as well (in MS console, "password never expires" is now
checked).
This means that the password expiry (let say, every 6 month)
will never popup again to the user, which is in my sense a wrong
behaviour.
Is there a way to change ONLY
2002 Feb 22
1
Password about to expire -- Turn Windlows Client Password Ageing Off?
I have a Domain controlled by a (Samba 2.2.2 upgraded to) Samba 2.2.3a PDC,
with
unix password sync = yes
The PDC (on a Mandrake Linux 8.X box) does not use password ageing, and we
don't want password ageing on our network.
We have a mix of Windows 98, NT4 and 2000 client workstations.
Unfortunately, some of the Windows 2000 users who log in to the domain have
complained that Windows is
2003 Feb 20
3
[Bug 14] Can't change expired /etc/shadow password without PAM
http://bugzilla.mindrot.org/show_bug.cgi?id=14
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #215 is|0 |1
obsolete| |
------- Additional Comments From dtucker at zip.com.au 2003-02-20 20:51 -------
2002 Oct 02
1
Re: [slugnet] Password Expiry
Hi Elliot,
I couldn't find anything related to smbpasswd expiry.
Since u have "unix password sync = true", just a wild guess, if u could
turn off password ageing in unix passwd file (man passwd for more detail)
and see if problem persists.
Rgds
Gary
Elliot wrote:
> Hi guys... I setup samba 2.2.5 as a PDC ... I have w2k clients. It seems
> that now I am prompted to change
Disabling password expiry for a AD service account for accessing LDAPS, and security best practices.
2019 Apr 10
2
Disabling password expiry for a AD service account for accessing LDAPS, and security best practices.
Hi all, I have a couple of Samba 4 DCs on my network and I created a new
service account LDAPReader on my DCs that my non-Samba third-party
services such as Redmine successfully use to access AD via the LDAPS
protocol.
I have a couple of questions that relate to having service account of
this nature implemented in Samba and I wondered if the group could
possibly provide some advice?
1)
2003 Mar 17
6
[Bug 511] PublickKeyAuthentication failures when account password expires
http://bugzilla.mindrot.org/show_bug.cgi?id=511
Summary: PublickKeyAuthentication failures when account password
expires
Product: Portable OpenSSH
Version: 3.4p1
Platform: All
OS/Version: Solaris
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo:
2015 Jun 29
1
Samba 4.2.2 AD Server - Winbind CPU 100% Password Expired
I installed a new Linux server for remote user access using Ubuntu 14.04 and
x2goserver, authenticating against our existing Samba 4.2.2 AD server.
All was working beautifully for a couple of days, with myself and one other
user. Then the other user's AD password expired, after which when they
attempted to log in winbindd spiralled out of control. Ended up with several
100% CPU winbindd
2003 Jan 09
7
[Bug 14] Can't change expired /etc/shadow password without PAM
http://bugzilla.mindrot.org/show_bug.cgi?id=14
------- Additional Comments From dtucker at zip.com.au 2003-01-09 23:17 -------
Created an attachment (id=199)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=199&action=view)
Implement password change via /bin/passwd in session.
openssh-passexpire10.patch:
* Implementes shadow and AIX password expiry.
* Adds general expire_message
2015 Jan 12
4
User and Password expiry
Hi guys,
I'm battling to understand how the Samba4 user password expiry seems
to tie in together and was hoping this could be clarified by someone
for me please?
Currently I have the following Samba4 domain policies in place...
[root at headoffice ~]# samba-tool domain passwordsettings show
Password informations for domain 'DC=abc-ho,DC=local'
Password complexity: on
Store plaintext
2023 Oct 28
1
query account expired state
On Sat, 28 Oct 2023 11:54:34 +0200
Kees van Vloten via samba <samba at lists.samba.org> wrote:
>
> Op 28-10-2023 om 09:37 schreef Rowland Penny via samba:
> > On Fri, 27 Oct 2023 23:48:22 +0200
> > Kees van Vloten via samba <samba at lists.samba.org> wrote:
> >
> >> Hi Team,
> >>
> >> Is it possible to make a LDAP-query that returns
2007 Aug 13
1
AGI answering the channel even though I never asked it to
I am working on a call-back solution where the initiating call should
never be answered.
I was doing this simply through the dial plan, sending a progress
tone, and then dumping the channel, and firing off a DeadAGI which
created a call file to make the callback.
Now I've tried extending this so that an AGI is fired first to check
for things - like no inbound ANI - and play a