Ubuntu
smbldap-tools package

How do I fix expiring passwords of Samba users?

Asked by Doug Symes

We use OpenLDAP and Samba v3. Recently some Samba-defined users (no accounts on the shared linux server) started being listed in logwatch as having their passwords come up to "will expire"...I changed the names.

       password for user unicorn will expire in 7 days: 1 Time(s)
       password for user xMacAlphbet will expire in 7 days: 1 Time(s)
       password for user klbomb will expire in 4 days: 1 Time(s)

None of thee users have a linux user account. How can I fix these?

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu smbldap-tools Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Jeet (gour-jitendrasingh) said : 		#1

can you please provide output of /etc/samba/smb.conf

Thanks
~Jeet

Revision history for this message
Doug Symes (dsymes) said : 		#2

smb.conf settings from ldap server:
#======================= Global Settings =======================

[global]
   workgroup = MySambaDomain
   server string = %h server (Samba, Ubuntu)
   netbios name = ldap1
   wins support = yes
   dns proxy = no
#### Networking ####
   interfaces = 127.0.0.0/8 eth0
   hosts allow = 127. 192.168.1. 10.8.2.
; bind interfaces only = yes
#### Debugging/Accounting ####
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
####### Authentication #######
   security = user
   encrypt passwords = true
# LDAP Settings
   passdb backend = ldapsam:ldap://localhost
   ldap suffix = dc=MyDomain,dc=com
   ldap user suffix = ou=Users
   ldap group suffix = ou=Groups
   ldap machine suffix = ou=Computers
   ldap idmap suffix = ou=Idmap
   ldap admin dn = cn=admin,dc=MyDomain,dc=com
   ldap ssl = no
   ldap passwd sync = yes

   obey pam restrictions = yes
   unix password sync = no
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   pam password change = yes
   map to guest = bad user

########## Domains ###########
    domain logons = yes
   logon path =
   logon drive = Z:
   logon script = %U.bat
add machine script = /usr/sbin/smbldap-useradd "%u"
add machine script = /usr/sbin/smbldap-useradd -W "%u"
add group script = /usr/sbin/smbldap-groupadd -a "%g"
########## Printing ##########
# load printers = yes
    load printers = no
############ Misc ############
; include = /home/samba/etc/smb.conf.%m
    domain master = yes
        enhanced browsing = yes
    local master = yes
    preferred master = yes
    os level = 255
; winbind enum groups = yes
; winbind enum users = yes
   usershare allow guests = yes
#======================= Share Definitions =======================
.
.
.

/etc/samba/smb.conf settings from server with shares

[global]
   workgroup = MySambaDomain
   server string = ServerName cluster
   netbios name = ServerName
   wins server = xxx.xxx.xxx.xxx
   dns proxy = no
#### Networking ####
    interfaces = br0
#### Debugging/Accounting ####
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
####### Authentication #######
   security = user
   encrypt passwords = true
        passdb backend = ldapsam:"ldap://ldap1.sub.MyDomain.com ldap://ldap2.sub.MyDomain.com"
        ldap admin dn = cn=admin,dc=MyDomain,dc=com
        ldap suffix = dc=MyDomain,dc=com
        ldap user suffix = ou=Users
        ldap group suffix = ou=Groups
        ldap machine suffix = ou=Computers
        ldap idmap suffix = ou=Idmap
        ldap ssl = start tls
        ldap password sync = yes
        obey pam restrictions = yes
   unix password sync = no
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   pam password change = yes
   map to guest = bad user
########## Domains ###########
   domain logons = yes
   local master = no
   logon path =
   logon drive = Z:
   logon script = %U.bat
########## Printing ##########
   load printers = yes
   printing = cups
   printcap name = cups
############ Misc ############
   domain master = no
#======================= Share Definitions =======================
[netlogon]
   comment = Network Logon Service
   path = /srv/export/samba/netlogon/
   guest ok = yes
   read only = yes
[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   guest ok = no
   read only = yes
   create mask = 0700
[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no
#============================ Share Definitions ==============================
.
.
.

Can you help with this problem?

Provide an answer of your own, or ask Doug Symes for more information if necessary.

To post a message you must log in.