<p>As i recall from my days as samba admin. Samba had its own attributes and you shold use smb* commands to set expiration of password. </p>
<p>Greg.</p>
<div class="gmail_quote">06-09-2012 17:26, "David Hoskinson" <<a href="mailto:david.hoskinson@datatrak.net">david.hoskinson@datatrak.net</a>> napisał(a):<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="blue" vlink="purple">
<div>
<p class="MsoNormal">We have discovered that if a 389 ldap account expires due to age, that the user can still use 389 authentication to login to our samba setup. I have set back in time the passwordexpirationtime and sambapwdlastset variables to see if this
blocks access. It does deny ldap login, but samba can still access for same account. Is there something we are missing in our schema in 389 or smb.conf file that will force samba to use the expiration date.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Our system levels are Oracle Linux 5.5<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">389 Files<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">389-ds-base-1.2.8.3-1.el5<u></u><u></u></p>
<p class="MsoNormal">389-ds-console-doc-1.2.5-1.el5<u></u><u></u></p>
<p class="MsoNormal">389-ds-base-libs-1.2.8.3-1.el5<u></u><u></u></p>
<p class="MsoNormal">389-adminutil-1.1.13-1.el5<u></u><u></u></p>
<p class="MsoNormal">389-ds-console-1.2.5-1.el5<u></u><u></u></p>
<p class="MsoNormal">389-admin-console-1.1.7-1.el5<u></u><u></u></p>
<p class="MsoNormal">389-console-1.1.4-1.el5<u></u><u></u></p>
<p class="MsoNormal">389-ds-1.2.1-1.el5<u></u><u></u></p>
<p class="MsoNormal">389-admin-1.1.16-1.el5<u></u><u></u></p>
<p class="MsoNormal">389-admin-console-doc-1.1.7-1.el5<u></u><u></u></p>
<p class="MsoNormal">389-dsgw-1.1.6-1.el5<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Samba Files on remote server<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">samba3-utils-3.6.3-44.el5<u></u><u></u></p>
<p class="MsoNormal">samba3-3.6.3-44.el5<u></u><u></u></p>
<p class="MsoNormal">samba3-client-3.6.3-44.el5<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Thank you for your guidance…<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal" style="margin-bottom:10.0pt;line-height:115%"><span style="line-height:115%;font-size:10.0pt;font-family:"Arial","sans-serif"">David Hoskinson |
</span><b><i><span style="font-size:12.0pt;line-height:115%;font-family:"Helvetica","sans-serif";color:#1c2674">D</span></i></b><b><i><span style="font-size:10.0pt;line-height:115%;font-family:"Helvetica","sans-serif";color:#1c2674">ATATRAK</span></i></b><span style="line-height:115%;font-size:10.0pt;font-family:"Arial","sans-serif""><br>
Systems Engineer<br>
Mayfield Heights, Ohio, USA <br>
<a href="tel:%2B1.440.443.0082%20x%20124" value="+14404430082" target="_blank">+1.440.443.0082 x 124</a> (p</span><span style="font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif"">) | +1.319<span style>.471.3689 (m)<br>
<a href="mailto:david.hoskinson@datatrak.net" title="blocked::mailto:anna.lyatkher@datatrak.net" target="_blank"><span style="color:blue">david.hoskinson@datatrak.net</span></a> | <a href="http://www.datatrak.net/" title="blocked::http://www.datatrak.net/
http://www.datatrak.net/" target="_blank"><span style="color:blue">www.datatrak.net</span></a></span></span><b><i><span style="font-family:"Helvetica","sans-serif""><u></u><u></u></span></i></b></p>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
<br>--<br>
389 users mailing list<br>
<a href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a><br>
<a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a><br></blockquote></div>