Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora Directory (http://www.linux-archive.org/fedora-directory/)
-   -   Expired password still allows samba login (http://www.linux-archive.org/fedora-directory/701143-expired-password-still-allows-samba-login.html)

David Hoskinson 09-06-2012 03:25 PM

Expired password still allows samba login
 
We have discovered that if a 389 ldap account expires due to age, that the user can still use 389 authentication to login to our samba setup.¬* I have set back in time the passwordexpirationtime and sambapwdlastset variables to see if this
blocks access.¬* It does deny ldap login, but samba can still access for same account.¬* Is there something we are missing in our schema in 389 or smb.conf file that will force samba to use the expiration date.

¬*

Our system levels are Oracle Linux 5.5

¬*

389 Files

¬*

389-ds-base-1.2.8.3-1.el5

389-ds-console-doc-1.2.5-1.el5

389-ds-base-libs-1.2.8.3-1.el5

389-adminutil-1.1.13-1.el5

389-ds-console-1.2.5-1.el5

389-admin-console-1.1.7-1.el5

389-console-1.1.4-1.el5

389-ds-1.2.1-1.el5

389-admin-1.1.16-1.el5

389-admin-console-doc-1.1.7-1.el5

389-dsgw-1.1.6-1.el5

¬*

Samba Files on remote server

¬*

samba3-utils-3.6.3-44.el5

samba3-3.6.3-44.el5

samba3-client-3.6.3-44.el5

¬*

Thank you for your guidance…

¬*

¬*

David Hoskinson |
DATATRAK

Systems Engineer

Mayfield Heights, Ohio, USA¬*

+1.440.443.0082 x 124¬*(p)¬*|¬*+1.319.471.3689 (m)

david.hoskinson@datatrak.net¬*|¬*www.datatrak.net

¬*




--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users


All times are GMT. The time now is 07:17 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.