[ale] accounts expiring in samba/ldap config

J. D. jdonline at gmail.com
Tue Aug 25 09:59:25 EDT 2009


Hey all,

We are running openldap and samba on RHEL5. The end users' passwords appear
to silently expire and lock them out of their RHEL5 servers. The only way to
get the user back in is for one of the admins to reset the password for the
user on the samba server like this:

smbldap-passwd $USER

We have tried some things like  to disable expiration but it has not helped.
At the moment we are looking for a way to reset the accounts so that they
stop expiring at inopportune times so that we stop the flood of support
issues and then deal with the problem in a different manner.

Tried this among other commands:
smbldap-usermod -B -! $USER

Here is a before and after password reset dump of user data. After diffing
the results I noticed the sambaPwdLastSet value changed. I have looked for a
way to manually set this to alleviate the immediate problem at hand but have
yet to find a method. There doesn't seem to be a way to do this using
pdbedit or smbldap-usermod. Any ideas or suggestions on this one?

BEFORE password reset
smbldap-usershow wendi
dn: uid=wendi,ou=Users,dc=turbocorp,dc=com
objectClass:
top,person,organizationalPerson,inetOrgPerson,posixAccount,shadowAccount,sambaSamAccount,inetLocalMailRecipient
cn: Wendi
sn: Stilskin
givenName: Wendi
uid: wendi
uidNumber: 1138
gidNumber: 1001
homeDirectory: /home/wendi
loginShell: /bin/bash
gecos: Wendi Stilskin
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: Wendi Stilskin
sambaSID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sambaProfilePath: \\SAMBA\profiles\wendi
sambaHomePath: \\SAMBA\wendi
sambaPrimaryGroupSID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sambaHomeDrive: Z:
mailLocalAddress: wendi
mail: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sambaLMPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sambaNTPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sambaPwdLastSet: 1235589930
sambaPwdMustChange: 1251141930
userPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sambaDomainName: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sambaAcctFlags: [XU]

AFTER password reset
smbldap-usershow wendi
dn: uid=wendi,ou=Users,dc=turbocorp,dc=com
objectClass:
top,person,organizationalPerson,inetOrgPerson,posixAccount,shadowAccount,sambaSamAccount,inetLocalMailRecipient
cn: Wendi Stilskin
sn: Stilskin
givenName: Wendi
uid: wendi
uidNumber: 1138
gidNumber: 1001
homeDirectory: /home/wendi
loginShell: /bin/bash
gecos: Wendi Stilskin
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: Wendi Stilskin
sambaSID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sambaProfilePath: \\SAMBA\profiles\wendi
sambaHomePath: \\SAMBA\wendi
sambaPrimaryGroupSID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sambaHomeDrive: Z:
mailLocalAddress: wendi
mail:
sambaPwdMustChange: 1251141930
sambaDomainName: TURBOCORP
sambaAcctFlags: [XU]
sambaLMPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sambaNTPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sambaPwdLastSet: 1251143775
userPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX



Best regards,

J. D.
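
Added example, not part of the original message: a Python sketch that reads the two password timestamp attributes from smbldap-usershow output and converts them into dates and an interval. The sample input is constructed from the values in the dumps above, and the function names are hypothetical.

```python
from datetime import datetime, timezone

# Constructed sample input: timestamp attributes copied from the two dumps.
BEFORE = """\
uid: wendi
sambaPwdLastSet: 1235589930
sambaPwdMustChange: 1251141930
"""
AFTER = """\
uid: wendi
sambaPwdMustChange: 1251141930
sambaPwdLastSet: 1251143775
"""

# Send time of the message: Tue Aug 25 09:59:25 EDT 2009 = 13:59:25 UTC.
POSTED = int(datetime(2009, 8, 25, 13, 59, 25, tzinfo=timezone.utc).timestamp())


def parse_attrs(dump):
    """Parse 'attr: value' lines; wrapped or empty-valued lines are skipped."""
    attrs = {}
    for line in dump.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            attrs[key.strip()] = value.strip()
    return attrs


def utc(epoch):
    """Render a Unix timestamp as an ISO 8601 string in UTC."""
    return datetime.fromtimestamp(epoch, tz=timezone.utc).isoformat()


def expiry_report(dump, now):
    """Summarise the stored password timestamps for one account."""
    a = parse_attrs(dump)
    last_set = int(a["sambaPwdLastSet"])
    must_change = int(a["sambaPwdMustChange"])
    return {
        "uid": a.get("uid"),
        "last_set": utc(last_set),
        "must_change": utc(must_change),
        "window_days": (must_change - last_set) / 86400,
        "must_change_passed": must_change <= now,
        # True when the stored deadline predates the latest password change.
        "stale_must_change": must_change < last_set,
    }


if __name__ == "__main__":
    for label, dump in (("BEFORE", BEFORE), ("AFTER", AFTER)):
        print(label, expiry_report(dump, POSTED))
```

In the BEFORE dump the two values are exactly 180 days apart and sambaPwdMustChange fell on 2009-08-24 19:25:30 UTC, the day before the message was sent; in the AFTER dump sambaPwdMustChange is unchanged and is earlier than the new sambaPwdLastSet.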