From: k.maksimov on
Lorenzo Milesi wrote:
> Hi.
>
> I've set up a Samba PDC on Debian, working fine with XP Clients.
>
> I'm now trying to have a linux client join the domain. I managed to do that, but I cannot handle password expiration. When the domain pass is expired, in GDM I see a message "Your password is expired" but the user can log in anyway.
>
> I used the following guide to configure my Linux client, which is an Ubuntu 10.04:
> https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto
>
> Configured PAM using pam-auth-update.
> common-auth is:
> auth [success=2 default=ignore] pam_unix.so nullok_secure
> auth [success=1 default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login use_first_pass
>
> common-password
> password [success=2 default=ignore] pam_unix.so obscure sha512
> password [success=1 default=ignore] pam_winbind.so use_authtok use_first_pass
>
> nsswitch.conf
> passwd: files winbind
> group: files winbind
> shadow: files winbind
> hosts: files dns
>
>
> What should I change?
> thanks
>
GDM not support this feature:
https://bugs.launchpad.net/ubuntu/+source/gdm/+bug/114620

if you want, you can hack gdm)

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
From: Lorenzo Milesi on
----- Messaggio originale -----
> GDM not support this feature:
> https://bugs.launchpad.net/ubuntu/+source/gdm/+bug/114620
>
> if you want, you can hack gdm)

This sounds strange, because Googling around I found some infos about GDM allowing password change...

I don't know if this could be a problem of the "new" GDM or what...
--
Lorenzo Milesi - lorenzo.milesi(a)yetopen.it

YetOpen S.r.l. - http://www.yetopen.it/
Via Torri Tarelli 19 - 23900 Lecco - ITALY -
Tel 0341 220 205 - Fax 178 6070 222

GPG/PGP Key-Id: 0xE704E230 - http://keyserver.linux.it

-------- D.Lgs. 196/2003 --------

Si avverte che tutte le informazioni contenute in questo messaggio sono
riservate ed a uso esclusivo del destinatario. Nel caso in cui questo
messaggio Le fosse pervenuto per errore, La invitiamo ad eliminarlo
senza copiarlo, a non inoltrarlo a terzi e ad avvertirci non appena
possibile.
Grazie.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
From: k.maksimov on
Lorenzo Milesi wrote:
> ----- Messaggio originale -----
>
>> GDM not support this feature:
>> https://bugs.launchpad.net/ubuntu/+source/gdm/+bug/114620
>>
>> if you want, you can hack gdm)
>>
>
> This sounds strange, because Googling around I found some infos about GDM allowing password change...
>
> I don't know if this could be a problem of the "new" GDM or what...
>
oh sorry, I was inattentive. mb this can fix problem: "echo auth
required pam_deny.so>>/etc/pam.d/common-auth && echo password required
pam_deny.so>>/etc/pam.d/common-password" ?


--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
From: k.maksimov on
k.maksimov wrote:
> Lorenzo Milesi wrote:
>> ----- Messaggio originale -----
>>
>>> GDM not support this feature:
>>> https://bugs.launchpad.net/ubuntu/+source/gdm/+bug/114620
>>>
>>> if you want, you can hack gdm)
>>>
>>
>> This sounds strange, because Googling around I found some infos about
>> GDM allowing password change...
>>
>> I don't know if this could be a problem of the "new" GDM or what...
>>
> oh sorry, I was inattentive. mb this can fix problem: "echo auth
> required pam_deny.so>>/etc/pam.d/common-auth && echo password required
> pam_deny.so>>/etc/pam.d/common-password" ?
>
>
sorry, s/required/requisite/

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
From: Lorenzo Milesi on
> oh sorry, I was inattentive. mb this can fix problem: "echo auth
> required pam_deny.so>>/etc/pam.d/common-auth && echo password required
> pam_deny.so>>/etc/pam.d/common-password" ?

sadly not.

these are my files:
common-auth:
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login use_first_pass
auth requisite pam_deny.so
auth required pam_permit.so

common-password:
password [success=1 default=ignore] pam_winbind.so debug use_first_pass
password [success=2 default=ignore] pam_unix.so obscure sha512
password requisite pam_deny.so
password required pam_permit.so
password optional pam_gnome_keyring.so


even commenting the pam_permit lines, nothing changes.
thanks
--
Lorenzo Milesi - lorenzo.milesi(a)yetopen.it

YetOpen S.r.l. - http://www.yetopen.it/
Via Torri Tarelli 19 - 23900 Lecco - ITALY -
Tel 0341 220 205 - Fax 178 6070 222

GPG/PGP Key-Id: 0xE704E230 - http://keyserver.linux.it

-------- D.Lgs. 196/2003 --------

Si avverte che tutte le informazioni contenute in questo messaggio sono
riservate ed a uso esclusivo del destinatario. Nel caso in cui questo
messaggio Le fosse pervenuto per errore, La invitiamo ad eliminarlo
senza copiarlo, a non inoltrarlo a terzi e ad avvertirci non appena
possibile.
Grazie.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba