Re: Samba and Password life time

M.Marirajan · ‎04-21-2003

Hi

Have a HP-9000 workstation which serves as a file repository. It is a trusted HP-UX 11.0 OS. When mapped via samba, samba does not force the user to change password though the life time has expired. Is there a way to enforce it. Have set the password life time to 90 days.

Thanks

Mari

Sky is the limit

Gary Yu · ‎04-21-2003

Hi Mari,

Samba has its own password mechanism, using /opt/samba/bin/smbpassswd command, not sure if you can set additional rules on that, but you can play around with Samba's admin interface -- swat, to see if there's such settings.

thanks,
Gary

Steven E. Protter · ‎04-21-2003

Samba has its own password command called smbpasswd

Now I run three trusted systems with samba on all three.

When I change the user password, samba access is denied until I do the following command as root:

smbpasswd

There is no change prompt, what should be happening is access denied the instant that the os password is changed.

Is that what's happening?

As noted above there may be a link in the swat interface that lets users reset their passwords as well. I've just not discovered this cool functionality yet.

SEP
Way to excited about HP-UX while on vacation.

Good luck to you all.

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

Schelstraete Bart_1 · ‎04-22-2003

Steven,

May I ask your which password 'chat string' (in smb.conf) you are using on Trusted systems?

tnx.
Bart

M.Marirajan · ‎05-13-2003

Hi All,

sorry that I could not respond was sick and not able to respond. Apologies.

Hi Gary- Yes samba has its own password, but the system is a production server and has 400 over users who map to hp server to do file storage etc... Since this was not implemented for ages I do not want to disturb the settings. I am very keen on knowing any way out there from OS to enforce this?.

Hi steven,

Pls. refer to my response to gary above. Password is not at all configured to use smbpassword feature.

Hi Bart,

How to get this string that you are looking for.

Thanks to all you there and once again my apologies for this late response.

Let me know if you all have any comments.

Sky is the limit

Darren Prior · ‎05-13-2003

Hi Mari,

You have mentioned that you aren't using Samba's password structure - can you explain how you are authenticating; perhaps using a NT PDC? If you attach your smb.conf it may help.

regards,

Darren.

Calm down. It's only ones and zeros...

M.Marirajan · ‎05-13-2003

Hi Daren,
attached is the smbconf file. authentication is done with OS password.

Sky is the limit

Darren Prior · ‎05-13-2003

Hi Mari,

Ah, so you're using share level security! I can understand from what you've said so far why you're doing this. However this method of security isn't that great for Samba; I guess it was mainly added to provide an equivalent to Win95's "share level access control."

I believe (and this is from the theory as I have never personally used share level security) that the password from any valid user will access the share. So, user B could use user A's password to access the share!

I'm not aware if Samba accesses the password in such a way as to count for incorrect passwords, expiry, etc. A method of checking this is to connect to the share, then login to HP-UX with the same user and see whether their last login time is the time of connecting to the share. If it doesn't it may be worth checking through the release notes of a newer version.

It would be inconvenient for you to move to a different security method, is user level security, but I believe it would offer you better security along with the password expiry (as mentioned by one of the other comments on this thread.)

regards,

Darren

Calm down. It's only ones and zeros...

M.Marirajan · ‎05-16-2003

Hi Darrn,

You are right, different user can access. But there is a catch, we are also running TNG unicenter to control the access level to ensure relavant group gets access to specific folders (don't ask me Y, all along it is there and I am following!).

well whenever anyone connect last access date time for the user doesnot get updated. That is why the problem is.

anyway have to suggest to move to either higher version or look for better solution to get over this (looking for a better solution though!).

Thanks for all help from the thread.

Mari

Sky is the limit

Steven E. Protter · ‎05-16-2003

I am belatedly attaching my entire smb.conf file since a question was directed at me.

I apologize for not replying sooner.

See attachment as a refernce doc.

Note that currently I do not have any relattionship with our network PDC to validate network users. The samba users on the example systems are all controlled and reset locally, which is btw a pain.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Samba and Password life time

Samba and Password life time