[Samba] password expiration problem
in [Samba]
|
From: Отдел ИТ Администрации Черниговского района on 1 Dec 2009 11:20 Greetings. I have problem with password expiration problem i cannot handle myself, so i wrote in this list. Recently i discovered that a newly created samba account has already expired password. smbldap-useradd -a -d /home/tommy -G education -s /bin/bash -M tommy -c "Tommy T." tommy smbldap-passwd tommy getent shadow user:*:::::::0 user2:*:::::::0 user3:*:::365::::0 tommy:*:::365::::0 su tommy pam_mount password: Password aged Enter login(LDAP) password: auth.log /dev/pts/5 user:tommy Nov 26 16:47:34 it-chief su[5638]: pam_unix(su:auth): authentication failure; logname= uid=1001 euid=0 tty=/dev/pts/5 ruser=user rhost= user=tommy Nov 26 16:47:34 it-chief su[5638]: pam_unix(su:account): expired password for user tommy (password aged) Nov 26 16:47:34 it-chief su[5638]: pam_unix(su:chauthtok): user "tommy" does not exist in /etc/passwd Nov 26 16:48:12 it-chief su[5638]: pam_chauthtok: Authentication token manipulation error Nov 26 16:48:12 it-chief su[5638]: FAILED su for tommy by user smb.conf [global] workgroup = WORKGROUP server string = %h server ; wins server = w.x.y.z dns proxy = no ; name resolve order = lmhosts host wins bcast ; interfaces = 127.0.0.0/8 eth0 ; bind interfaces only = yes log file = /var/log/samba/log.%m max log size = 1000 syslog only = yes syslog = 0 panic action = /usr/share/samba/panic-action %d log level = 3 vfs:2 security = user encrypt passwords = true obey pam restrictions = no ; unix password sync = no ldap passwd sync = yes passwd program = /usr/sbin/smbldap-passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated pam password change = no passdb backend = ldapsam:ldap://auth.workgroup ldap ssl = no ldap admin dn = cn=admin,dc=workgroup ldap suffix = dc=workgroup ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap idmap suffix = ou=Users unix extensions = no ; domain logons = yes ; logon path = \\%N\profiles\%U ; logon drive = H: ; logon script = logon.cmd add user script = /usr/sbin/smbldap-useradd -m "%u" add machine script = /usr/sbin/smbldap-useradd -w "%u" add group script = /usr/sbin/smbldap-groupadd -p "%g" ldap delete dn = yes delete user script = /usr/sbin/smbldap-userdel "%u" delete group script = /usr/sbin/smbldap-groupdel "%g" add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u" smbldap.conf SID="S-1-5-21-482339686-3080510186-2817641028" sambaDomain="WORKGROUP" slaveLDAP="auth.workgroup" slavePort="389" masterLDAP="auth.workgroup" masterPort="389" ldapTLS="0" verify="none" suffix="dc=workgroup" usersdn="ou=Users,${suffix}" computersdn="ou=Computers,${suffix}" groupsdn="ou=Groups,${suffix}" idmapdn="ou=Users,${suffix}" sambaUnixIdPooldn="sambaDomainName=WORKGROUP,${suffix}" scope="sub" hash_encrypt="SSHA" crypt_salt_format="%s" userLoginShell="/bin/bash" userHome="/home/%U" userHomeDirectoryMode="700" userGecos="System User" defaultUserGid="513" defaultComputerGid="515" skeletonDir="/etc/skel" defaultMaxPasswordAge="365" userSmbHome="\\NAS\%U" userProfile="\\NAS\profiles\%U" userHomeDrive="H:" userScript="%U.cmd" mailDomain="workgroup" with_smbpasswd="0" smbpasswd="/usr/bin/smbpasswd" with_slappasswd="0" slappasswd="/usr/sbin/slappasswd" slapd.conf include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/inetorgperson.schema include /etc/ldap/schema/misc.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/samba.schema pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd/slapd.args loglevel 256 modulepath /usr/lib/ldap moduleload back_bdb sizelimit 500 tool-threads 1 backend bdb database bdb suffix "dc=workgroup" directory "/var/lib/ldap" dbconfig set_cachesize 0 2097152 0 dbconfig set_lk_max_objects 1500 dbconfig set_lk_max_locks 1500 dbconfig set_lk_max_lockers 1500 index objectClass eq index cn pres,sub,eq index sn pres,sub,eq index uid pres,sub,eq index displayName pres,sub,eq index default sub index uidNumber eq index gidNumber eq index mail,givenName eq,subinitial index dc eq index memberUid eq index sambaSID eq index sambaPrimaryGroupSID eq index sambaDomainName eq index sambaGroupType eq index sambaSIDList eq index uniqueMember eq lastmod on checkpoint 512 30 access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword by dn="cn=admin,dc=workgroup" write by anonymous auth by self write by * none access to dn.base="" by * read access to * by dn="cn=admin,dc=workgroup" write by * read smbldap-usershow tommy dn: uid=tommy,ou=Users,dc=workgroup objectClass: top,person,organizationalPerson,inetOrgPerson,posixAccount,shadowAccount,sambaSamAccount,inetLocalMailRecipient cn: tommy sn: tommy givenName: tommy uid: tommy uidNumber: 1099 gidNumber: 513 homeDirectory: /home/tommy loginShell: /bin/bash gecos: T. Tommy sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 displayName: tommy sambaSID: S-1-5-21-482339686-3080510186-2817641028-3198 sambaLogonScript: tommy.cmd sambaProfilePath: \\NAS\profiles\tommy sambaHomePath: \\NAS\tommy sambaPrimaryGroupSID: S-1-5-21-482339686-3080510186-2817641028-513 sambaHomeDrive: H: mailLocalAddress: tommy mail: tommy(a)workgroup sambaLMPassword: CCF9155E3E7DB453AAD3B435B51404EE sambaAcctFlags: [U] sambaNTPassword: 3DBDE697D71690A769204BEB12283678 sambaPwdLastSet: 1259217976 sambaPwdMustChange: 1290753976 userPassword: {SSHA}baNet7XxM3EaPORUnwRCYNSXTlF0cE5z shadowLastChange: 14574 shadowMax: 365 smbd --version Version 3.2.5 debian lenny slapd -V @(#) $OpenLDAP: slapd 2.4.11 (Oct 12 2008 04:13:21) $ buildd(a)ninsei:/build/buildd/openldap-2.4.11/debian/build/servers/slapd Thanks in advance -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
|
Pages: 1 Prev: strange issue with xerox printer: unable to configure driver Next: acl_tdb |