[389-users] Expired password still allows samba login

[Grzegorz Dwornicki]

As i recall from my days as samba admin. Samba had its own attributes and
you shold use smb* commands to set expiration of password.

Greg.
06-09-2012 17:26, "David Hoskinson" <david.hoskinson at datatrak.net>
napisał(a):

>  We have discovered that if a 389 ldap account expires due to age, that
> the user can still use 389 authentication to login to our samba setup.  I
> have set back in time the passwordexpirationtime and sambapwdlastset
> variables to see if this blocks access.  It does deny ldap login, but samba
> can still access for same account.  Is there something we are missing in
> our schema in 389 or smb.conf file that will force samba to use the
> expiration date.****
>
> ** **
>
> Our system levels are Oracle Linux 5.5****
>
> ** **
>
> 389 Files****
>
> ** **
>
> 389-ds-base-1.2.8.3-1.el5****
>
> 389-ds-console-doc-1.2.5-1.el5****
>
> 389-ds-base-libs-1.2.8.3-1.el5****
>
> 389-adminutil-1.1.13-1.el5****
>
> 389-ds-console-1.2.5-1.el5****
>
> 389-admin-console-1.1.7-1.el5****
>
> 389-console-1.1.4-1.el5****
>
> 389-ds-1.2.1-1.el5****
>
> 389-admin-1.1.16-1.el5****
>
> 389-admin-console-doc-1.1.7-1.el5****
>
> 389-dsgw-1.1.6-1.el5****
>
> ** **
>
> Samba Files on remote server****
>
> ** **
>
> samba3-utils-3.6.3-44.el5****
>
> samba3-3.6.3-44.el5****
>
> samba3-client-3.6.3-44.el5****
>
> ** **
>
> Thank you for your guidance...****
>
> ** **
>
> ** **
>
> David Hoskinson | *D**ATATRAK*
> Systems Engineer
> Mayfield Heights, Ohio, USA
> +1.440.443.0082 x 124 (p) | +1.319.471.3689 (m)
> david.hoskinson at datatrak.net | www.datatrak.net**
>
> ** **
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20120906/94e8a6e1/attachment.html>