Domain users with expired account passwords cannot set a new one during login

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Domain users with expired account passwords cannot set a new one during login

Samba - General mailing list
I'm in the process of setting up a Samba 4 PDC on Debian 8. I've set user passwords to expire after a day for testing purposes. When a user tries to log in when his password has already expired, he only gets a short "The user account has expired." message and then gets sent back to the username/password screen, effectively locking them out. Tested with Windows 10 and Windows 7.

There seems to be a way to get a "Enter your old password and a new password twice" screen instead, but I'm having a hard time finding where to configure that. Can anyone assist?
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Domain users with expired account passwords cannot set a new one during login

Samba - General mailing list
Mandi! akanator via samba
  In chel di` si favelave...

> I'm in the process of setting up a Samba 4 PDC on Debian 8. I've set user passwords to expire after a day for testing purposes. When a user tries to log in when his password has already expired, he only gets a short "The user account has expired." message and then gets sent back to the username/password screen, effectively locking them out. Tested with Windows 10 and Windows 7.
> There seems to be a way to get a "Enter your old password and a new password twice" screen instead, but I'm having a hard time finding where to configure that. Can anyone assist?

AFAI've understood, there are two different expiration: password and
account.

Account expiration are irreversible, you set a date and after that date
account are disabled.

Password expiration instead seems what you are speaking abount: if
password expires, you are asked to change the password at logon.


Account expiration are set as a date in AD data; password expiration
are set in polixy (or GPO) as as 'number of days after the last
password change'.

--
dott. Marco Gaiarin        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

                Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
        (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Loading...