similar to: Remove account noexpiry and use PSO again

On Thu, 21 Mar 2024 19:50:17 +0100 Kees van Vloten via samba <samba at lists.samba.org> wrote: > Hi Team, > > > I am using fine-grained Password Settings Objects (PSOs), set with > 'samba-tool domain passwordsettings pso' to determine a.o. password > expiry (max. pw. age), they are set on a group. > > A while ago I have set one user to never expire:

Hi Rowland, and many thanks for fast reply, When using --noexpiry, the userAccountControl is set to 66048, which disable expiry for password as well (in MS console, "password never expires" is now checked). This means that the password expiry (let say, every 6 month) will never popup again to the user, which is in my sense a wrong behaviour. Is there a way to change ONLY

Hi list :) I am looking for the right command to achieve my goal. I would like to remove the account expiry date of an ACCOUNT with a samba-tool command (account never expires) Options of "samba-tool user setexpiry" are : --filter=FILTER LDAP Filter to set password on --days=DAYS Days to expiry --noexpiry Unfortunately, the "noexpiry" parameter just set another option

What I want is to get definiri X user had the expiration date on a date and Y user on another date, but this date I could set. The date when you arrive, you have to change this password. When I use the command samba-tool user setexpiry USER - noexpiry it change the "Password must change: Tuesday, 19 Jan 2038 01:14:07 GMT" I would like to do this, so that setting the date. Em

Sorry but I do not understand .... :-O Em 28-04-2016 16:55, Rowland penny escreveu: > On 28/04/16 20:30, Carlos A. P. Cunha wrote: >> >> What I want is to get definiri X user had the expiration date on a >> date and Y user on another date, but this date I could set. >> The date when you arrive, you have to change this password. >> >> When I use the command

UNOFFICIAL Thanks Tim, I was just wondering if my mistake was raising the functional-level. This confirms it. This apparently also broke backup. I cannot create the container, because the current schema (2003) doesn't support msDS-PasswordSettingsContainer. It seems impossible (and dangerous) to update the schema. I was given a reference to a thread about updating the schema but - the

Hai   After my squid group adventure, i have a remaining question here.   The problem was as followed. ( and this probely dont applie to squid kerberos helpers only. )   samba-tool setup for squid i used, was as followed.   samba-tool user create squid1-service --description="Unprivileged user for SQUID1-Proxy Services" --random-password samba-tool user setexpiry

First I am having a couple challenges with your script here: On 09/03/2015 02:43 PM, Rowland Penny wrote: > > I thought that might be your next question, I wrote it, based on what > I found here: > > http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/ > > > #!/bin/bash > > # /usr/local/sbin/dhcp-dyndns.sh > #

This will be it for tonight... Sep 3 20:35:30 homebase dhcpd: DHCPDISCOVER from 02:97:09:02:23:a2 (cubieboard2) via eth0 Sep 3 20:35:31 homebase dhcpd: DHCPOFFER on 192.168.192.21 to 02:97:09:02:23:a2 (cubieboard2) via eth0 Sep 3 20:35:31 homebase dhcpd: /usr/local/sbin/dhcp-dyndns.sh: line 17: /var/log/dyndns.log: Permission denied Sep 3 20:35:31 homebase dhcpd:

Hi Rowland, I resolve the problem partially. The problem was due to the fact that I do not have winbind installed because Samba 4, Bind9 and isc-dhcp-server are on the same server. I commented on these lines in the script dhcp-dyndns.sh and it worked (on commit and on release but not on expiry ) #TESTUSER=$(wbinfo -u | grep dhcpduser) #if [ -z "${TESTUSER}" ]; then # echo "No

Release Announcements ===================== This is the third release candidate of Samba 4.9. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.9 will be the next version of the Samba suite. UPGRADING ========= NEW FEATURES/CHANGES

Release Announcements ===================== This is the third release candidate of Samba 4.9. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.9 will be the next version of the Samba suite. UPGRADING ========= NEW FEATURES/CHANGES

Hi Russell, Ah, right, of course you can't create the msDS-PasswordSettingsContainer object on a 2003 schema. The code doesn't actually care what type of object the Password Settings Container is as long as it exists. So the simplest short-term kludge to get back to a working AD would be to create the PSO container as an object that does exist in your schema, e.g. ldbadd -H

Hello Rowland, > These shouldn't be set or are defaults: > name resolve order = host > passdb backend = tdbsam > security = user > domain logons = yes > log level = 3 > os level = 64 > preferred master = yes > local master = yes > domain master = yes > tls keyfile = key.pem > tls certfile = cert.pem > tls cafile = ca.pem I kicked these out. I found

UNOFFICIAL Hi Rowland, How can I get these ldf files? I have now setup a lab-domain so I can try this out without fear of stuffing anything up. I believe that I now have finally completed upgrading from 2003 server to Samba 4 (fingers crossed). Thanks so much to everyone for your help and patience. Cheers Russell -----Original Message----- From: Rowland penny [mailto:rpenny at samba.org]

Hi all, Well, I'm completely lost with AD authentification ... server is : Ubuntu 12.04.3 3.8.0-32-generic #47~precise1-Ubuntu Samba 4.0.10 installed (and upgraded) via git, setup as unique Active Directory Domain Controller ( -> how to upgrade to 4.1 via git ?? ) I 'just' would like that the local services (let's say only dovecot and postfix) can query AD to authentifiate

As Rowland points out, that password already meets the complexity criteria, so I don't think Password Settings Objects (PSOs) will help here. PSOs allow you to tailor different passwordsettings for different users, i.e. turn complexity on or off for specific users. PSOs don't let you customize the criteria that determines whether a password is complex or not. So you could use PSOs to

Hi Rowland and list, I allow myself to give a UP to my message in case someone has an idea. Thanks, --Oliver Le 2023-05-24 15:55, Olivier BILHAUT via samba a ?crit : > Hi Rowland, and many thanks for fast reply, > > When using --noexpiry, > the userAccountControl is set to 66048, which disable expiry for > password as well (in MS console, "password never

Hi. I'm using Samba 4 on two Zentyal servers as Domain Controller and now I have to authenticate some services to it (Apache and PAM in particular). The LDAP integration asks me for a LDAP bind password, but I cannot find out where it is on Zentyal. Is there a way to check (or change it) directly on Samba 4? Or is it preferable to authenticate against Active Directory or Kerberos? Thank you

Hey All, I am testing PSO password policies and am having trouble getting the Maximum password age to be enforced. I have a test policy applied to a group and it does enforce complexity and Minimum password length but not the Maximum password age. Anyone using this setting for PSO's? Samba version 4.10.0-Ubuntu Password information for PSO 'TESTpolicy' Precedence (lowest is