[SOLVED] Samba Ldap smbldap-tools password expired
Greetings. I have a password expiration problem I cannot handle myself, so I wrote in this forum.
Recently I discovered that a newly created samba account already has an expired password.
Code:
smbldap-useradd -a -d /home/tommy -G education -s /bin/bash -M tommy -c "Tommy T." tommy
Code:
getent shadow
Code:
su tommy
Code:
/dev/pts/5 user:tommy
Code:
[global]
Code:
SID="S-1-5-21-482339686-3080510186-2817641028"
slapd.conf
Code:
include /etc/ldap/schema/core.schema
Code:
smbldap-usershow tommy
Code:
[2009/12/01 14:37:09, 3] smbd/sec_ctx.c:set_sec_ctx(324)
Code:
smbd --version
Code:
uname -a
Code:
slapd -V |
I've changed this in slapd.conf
Code:
#access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword
Code:
user:*:::::::0 |
Still stuck.
|
Hi Aghast.
I have the same issue, but here my users don't need to access my Linux servers; they just run Windows + mail, and the shell is /sbin/nologin. You are right: every time I add a new user, I find that it has "shadowExpire=0", and every time I try to log in, dovecot lets me know that the account is "expire".
smbldap-usershow almacen.mbx
dn: uid=almacen.mbx,ou=Users,dc=XXX,dc=com
shadowFlag: 134538308
shadowMin: -1
displayName: Mueblex Almacen
uid: almacen.mbx
shadowInactive: -1
uidNumber: 10016
gidNumber: 513
shadowWarning: 7
homeDirectory: /home/almacen.mbx
shadowExpire: 0
cn: Mueblex Almacen
loginShell: /bin/bash
telephoneNumber: 250
mail: almacen.mbx@XXX.com
sn: Almacen
givenName: Mueblex
gecos: Mueblex Almacen
objectClass: inetOrgPerson,posixAccount,shadowAccount,top,person,mailAccount
mailbox: /home/almacen.mbx/Maildir/
mailuserquota: 0
maildrop: almacen.mbx
mailenable: OK
userPassword: {CRYPT}wX3csUOD1Eao6
shadowLastChange: 14581
shadowMax: 9999
I have to manually change that parameter:
smbldap-usermod --shadowExpire="1024" username
This happens with all the new users I create; I even migrated one server and I have the same issue. Did you fix this issue? Is there a way to set up these values by default every time we create a user?
shadowExpire='1024'
I use Mandriva MMC to manage my domain. Thanks. CentOS 5.4; openldap, samba && smbldap-tools from repos. |
Thanks for your answer. I have found that if I allow a user to write into these attributes in slapd.conf
Code:
access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword |
If I set rights for access as they should be
Code:
access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword
Code:
Dec 18 15:22:47 ns slapd[12250]: conn=3615 fd=74 ACCEPT from IP=192.168.1.11:54447 (IP=0.0.0.0:389)
Code:
userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword
Code:
dn="uid=tommy,ou=Users,dc=workgroup" |
Changed slapd.conf a little
Code:
access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdMustChange,sambaPwdLastSet |
Hey Aghast.
I have seen that you are not running RedHat/CentOS but have the same behavior. I have seen that my issue is when I add an email account to our server; if I add a user or machine account I don't have issues. My issue is when I add an email account, so it looks like the issue is not samba or smbldap-tools; I'm using Mandriva MDS. I already asked on the forum, just waiting for the answer. Thanks. CentOS 5.4/openldap 2.3.x/samba 3.0.33. |
klabacita, I don't know if it would help, but you may try to set a policy for maximum password age with pdbedit.
Code:
pdbedit -P "maximum password age" -C 1024 |
Appreciated your tip Aghast.
The only small thing is that I have to do this each time I add an email account; it is an extra step I have to make. Before, this was working normally, but something changed with Mandriva MDS or something else. But thanks for your help and tips, my friend. |
Hi Aghast, it's me again.
Finally the people from MDS answered my email. This option is enabled by default on MDS; it wasn't a samba ldap thing. I knew it was MDS settings. They told me to add this setting inside base.ini from MDS and restart the service:
[userdefault]
shadowExpire = DELETE
Fix works. Thanks!!! |
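The shadow* attributes in the smbldap-usershow output earlier in the thread are day counts from 1970-01-01, as in shadow(5), so a value such as shadowLastChange: 14581 is the date 2009-12-03 and shadowExpire: 0 is the special case shadow(5) describes as ambiguous. The Python sketch below is an added example, not code from any poster or from smbldap-tools, that turns those fields into dates and classifies the account; the sample entry is constructed, and the function names and status labels are hypothetical.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)  # shadow(5) counts days from this date

# Constructed sample in the "attr: value" layout smbldap-usershow prints.
SAMPLE = """\
dn: uid=example.mbx,ou=Users,dc=example,dc=com
shadowMin: -1
shadowInactive: -1
shadowWarning: 7
shadowExpire: 0
shadowLastChange: 14581
shadowMax: 9999
"""

def parse_attrs(text):
    """Parse 'name: value' lines into a dict (single-valued attributes only)."""
    attrs = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip():
            attrs[name.strip()] = value.strip()
    return attrs

def days_to_date(days):
    """Convert a shadow day count into a calendar date."""
    return EPOCH + timedelta(days=days)

def shadow_report(attrs, today):
    """Classify account expiry and compute the password-aging deadline."""
    expire = int(attrs.get("shadowExpire", -1))
    report = {"account": "no-expiry", "account_expires": None,
              "password_expires": None}
    if expire == 0:
        # shadow(5): 0 may be read as "no expiry" or as 1970-01-01.
        report["account"] = "ambiguous-zero"
    elif expire > 0:
        report["account_expires"] = days_to_date(expire)
        # Assumption: the consumer treats the expiry day itself as expired.
        expired = today >= report["account_expires"]
        report["account"] = "expired" if expired else "valid"
    last = int(attrs.get("shadowLastChange", -1))
    max_age = int(attrs.get("shadowMax", -1))
    if last > 0 and max_age >= 0:
        report["password_expires"] = days_to_date(last + max_age)
    return report

if __name__ == "__main__":
    print(shadow_report(parse_attrs(SAMPLE), date.today()))
```

How a given consumer (PAM, dovecot, Samba) treats shadowExpire: 0 depends on that software, so the report only flags it for review.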