info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
[Samba] Password must change
487 views
Skip to first unread message
Carlos A. P. Cunha
Apr 28, 2016, 1:10:04 PM4/28/16
to
Hello!
Own Samba 4.4 as ADDC with this cnfiguração passwords:
root @ Upsilon: ~ # samba-domain tool PasswordSettings show
Password informations for domain 'DC = XXXXXXXX "
Password complexity: on
Store plaintext passwords: off
Password history length: 24
Minimum password length: 7
Minimum password age (days): 1
Maximum password age (days): 400
Account lockout duration (mins): 30
Account lockout threshold (attempts): 0
Reset account lockout after (mins): 30
But I would like a User password had expired less days:
pdbedit -u -v mark
It has the attribute:
Password must change
I would like to change this, it is possible?
I tried this way
pdbedit --pwd-must-change-time = "29/04/2016" --time-format = "% Y-% m-%
d" mark
However it did not work.
Goodbye
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Own Samba 4.4 as ADDC with this cnfiguração passwords:
root @ Upsilon: ~ # samba-domain tool PasswordSettings show
Password informations for domain 'DC = XXXXXXXX "
Password complexity: on
Store plaintext passwords: off
Password history length: 24
Minimum password length: 7
Minimum password age (days): 1
Maximum password age (days): 400
Account lockout duration (mins): 30
Account lockout threshold (attempts): 0
Reset account lockout after (mins): 30
But I would like a User password had expired less days:
pdbedit -u -v mark
It has the attribute:
Password must change
I would like to change this, it is possible?
I tried this way
pdbedit --pwd-must-change-time = "29/04/2016" --time-format = "% Y-% m-%
d" mark
However it did not work.
Goodbye
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Rowland penny
Apr 28, 2016, 2:20:03 PM4/28/16
to
On 28/04/16 18:04, Carlos A. P. Cunha wrote:
> Hello!
> Own Samba 4.4 as ADDC with this cnfiguração passwords:
>
>
> root @ Upsilon: ~ # samba-domain tool PasswordSettings show
> Password informations for domain 'DC = XXXXXXXX "
>
> Password complexity: on
> Store plaintext passwords: off
> Password history length: 24
> Minimum password length: 7
> Minimum password age (days): 1
> Maximum password age (days): 400
> Account lockout duration (mins): 30
> Account lockout threshold (attempts): 0
> Reset account lockout after (mins): 30
>
>
> But I would like a User password had expired less days:
>
> pdbedit -u -v mark
>
> It has the attribute:
>
> Password must change
>
> I would like to change this, it is possible?
>
> I tried this way
>
> pdbedit --pwd-must-change-time = "29/04/2016" --time-format = "% Y-%
> m-% d" mark
>
> However it did not work.
>
> Goodbye
>
Not sure that will ever work, why not just change the users password and
> Hello!
> Own Samba 4.4 as ADDC with this cnfiguração passwords:
>
>
> root @ Upsilon: ~ # samba-domain tool PasswordSettings show
> Password informations for domain 'DC = XXXXXXXX "
>
> Password complexity: on
> Store plaintext passwords: off
> Password history length: 24
> Minimum password length: 7
> Minimum password age (days): 1
> Maximum password age (days): 400
> Account lockout duration (mins): 30
> Account lockout threshold (attempts): 0
> Reset account lockout after (mins): 30
>
>
> But I would like a User password had expired less days:
>
> pdbedit -u -v mark
>
> It has the attribute:
>
> Password must change
>
> I would like to change this, it is possible?
>
> I tried this way
>
> pdbedit --pwd-must-change-time = "29/04/2016" --time-format = "% Y-%
> m-% d" mark
>
> However it did not work.
>
> Goodbye
>
then set the maximum password age, see 'samba-tool domain
passwordsettings --help' for more info
Rowland
Carlos A. P. Cunha
Apr 28, 2016, 3:00:04 PM4/28/16
to
Hello!
I had looked at the options, and found nothing to what I want to do ...
Because of this, I tried alteranativas with "pdbedit".
Any other option?
Goodbye
Em 28-04-2016 15:09, Rowland penny escreveu:
> samba-tool domain passwordsettings --help
I had looked at the options, and found nothing to what I want to do ...
Because of this, I tried alteranativas with "pdbedit".
Any other option?
Goodbye
Em 28-04-2016 15:09, Rowland penny escreveu:
> samba-tool domain passwordsettings --help
Rowland penny
Apr 28, 2016, 3:20:03 PM4/28/16
to
On 28/04/16 19:49, Carlos A. P. Cunha wrote:
>
> Hello!
> I had looked at the options, and found nothing to what I want to do ...
> Because of this, I tried alteranativas with "pdbedit".
>
> Any other option?
>
> Goodbye
>
>
> Em 28-04-2016 15:09, Rowland penny escreveu:
>> samba-tool domain passwordsettings --help
>
OK, the users password must have expired, this means that the
>
> Hello!
> I had looked at the options, and found nothing to what I want to do ...
> Because of this, I tried alteranativas with "pdbedit".
>
> Any other option?
>
> Goodbye
>
>
> Em 28-04-2016 15:09, Rowland penny escreveu:
>> samba-tool domain passwordsettings --help
>
'pwdLastSet' attribute will now contain '0', if you want to un-expire
the password, you need to change this to '-1'. When the user next logs
in, 'pwdLastSet' will get set to the current date/time.
You cannot set 'pwdLastSet' to anything other than '0' or '-1'
Do you want to go to all the trouble of changing an attribute with ldb
or similar, or do what I suggested earlier ?
Rowland
Luke Barone
Apr 28, 2016, 3:30:04 PM4/28/16
to
On Thu, Apr 28, 2016 at 11:09 AM, Rowland penny <rpe...@samba.org> wrote:
> pdbedit --pwd-must-change-time = "29/04/2016" --time-format = "% Y-% m-%
> d" mark
Is this not setting the time format to be Year Month Day? The variables
> pdbedit --pwd-must-change-time = "29/04/2016" --time-format = "% Y-% m-%
> d" mark
would be out of order if that's what's happening
Carlos A. P. Cunha
Apr 28, 2016, 3:40:04 PM4/28/16
to
What I want is to get definiri X user had the expiration date on a date
and Y user on another date, but this date I could set.
The date when you arrive, you have to change this password.
When I use the command
samba-tool user setexpiry USER - noexpiry
it change the "Password must change: Tuesday, 19 Jan 2038 01:14:07 GMT"
I would like to do this, so that setting the date.
and Y user on another date, but this date I could set.
The date when you arrive, you have to change this password.
When I use the command
samba-tool user setexpiry USER - noexpiry
it change the "Password must change: Tuesday, 19 Jan 2038 01:14:07 GMT"
I would like to do this, so that setting the date.
Carlos A. P. Cunha
Apr 28, 2016, 4:00:04 PM4/28/16
to
Hello!
It was only wrong in posting when I tried to order was correct.
Goodbye
It was only wrong in posting when I tried to order was correct.
Goodbye
Rowland penny
Apr 28, 2016, 4:00:04 PM4/28/16
to
probably have 512 stored in this (normal account) add 65536 (don't
expire password) to this and store the result (66048) in the attribute.
Carlos A. P. Cunha
Apr 28, 2016, 4:40:03 PM4/28/16
to
Sorry but I do not understand ....
:-O
:-O
Rowland penny
Apr 28, 2016, 5:20:04 PM4/28/16
to
expires, you have to use Samba-tool for this, you will also have to use
samba-tool to change password complexity.
To make a user change their password, you need to change the
'pwdLastSet' attribute in the users AD object to '0'
To stop a users password expiring you need to change the
'UserAccountControl' attribute in the users AD object, this normally
will contain '512' if the user is enabled and '514' if the user is
disabled. To stop the password expiring you need to add '65536' to
whatever is there now (unless, of course, it is already larger than 65536).
How you do this is up to you, you could use ldbmodify, ldapmodify,
ldbedit or from ADUC.
See here for more info about UserAccountControl :
https://support.microsoft.com/en-gb/kb/305144
0 new messages