[opensuse] NT domain authentication password expiration
Hi, I have 10.2 authenticationg against NT domain. Everything is fine, except that now it shows that my password will expire in 3 days. The problem is, that for sure on the domain controller this account is set with no password expiration. There is no such a warning when I log in to a windows machine connected to that domain controller. How do I fix this? -- Svetoslav Milenov (Sunny) Even the most advanced equipment in the hands of the ignorant is just a pile of scrap. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sunny wrote:
Hi, I have 10.2 authenticationg against NT domain.
Everything is fine, except that now it shows that my password will expire in 3 days. The problem is, that for sure on the domain controller this account is set with no password expiration. There is no such a warning when I log in to a windows machine connected to that domain controller.
How do I fix this?
This is speculative but seeing as no-one else has offered anything.. My initial thought was that you are using smbfs support and the local samba configuration file contains invalid password expiry details, or that there is something in your local username defaults. Domain login effectively attaches a locally created account to a network server account, if the local account has password expiry set this could explain this. If one machine logs in in via workgroup and the other via Domain authentication the difference in behaviour could have something to do with the different handling of authentication in those modes. - -- ============================================================================== I have always wished that my computer would be as easy to use as my telephone. My wish has come true. I no longer know how to use my telephone. Bjarne Stroustrup ============================================================================== -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFG56aCasN0sSnLmgIRAu7yAJ4pbvlmkqAqc+4eSct1rc1xRTzmAQCg3vac 6PW3v14K79tD6y31Yw3NnXE= =YQk+ -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 9/12/07, G T Smith
This is speculative but seeing as no-one else has offered anything..
My initial thought was that you are using smbfs support and the local samba configuration file contains invalid password expiry details, or that there is something in your local username defaults. Domain login effectively attaches a locally created account to a network server account, if the local account has password expiry set this could explain this.
Thanks for ths suggestion, but looks like it is not the case. I checked with YaST/Security and users/Local security, and there the max password age is set to 99999, and days before password expires warning is set to 7. But I started to receive the message, when 3 days were left. So, looks like it is not affected by the setting for local account policies. Cheers -- Svetoslav Milenov (Sunny) Even the most advanced equipment in the hands of the ignorant is just a pile of scrap. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 9/10/07, Sunny
Hi, I have 10.2 authenticationg against NT domain.
Everything is fine, except that now it shows that my password will expire in 3 days. The problem is, that for sure on the domain controller this account is set with no password expiration. There is no such a warning when I log in to a windows machine connected to that domain controller.
How do I fix this?
I'll soon be locked out of my machine. It reports that the password expires today. Please help. -- Svetoslav Milenov (Sunny) Even the most advanced equipment in the hands of the ignorant is just a pile of scrap. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sunny wrote:
On 9/10/07, Sunny
wrote: Hi, I have 10.2 authenticationg against NT domain.
Everything is fine, except that now it shows that my password will expire in 3 days. The problem is, that for sure on the domain controller this account is set with no password expiration. There is no such a warning when I log in to a windows machine connected to that domain controller.
How do I fix this?
I'll soon be locked out of my machine. It reports that the password expires today. Please help.
I hate to say this but the simple option is probably to change the password, and see if the condition clears... If this is a NT4.x style domain, stuff gets distributed and cached around the network, and occasionally these are damn odd locations. If one of these locations has corrupt info then it can be very difficult to track this down and correct it. (Inconsistencies are supposed to go away after a bit if the domain servers notice a problem, but single server setups tend to be a bit vulnerable). If it is a multi-server Windows domain setup, all the domain servers will probably need to be checked to see if one has a problem. If you have multiple trusted domains as well life can get truly interesting... AD is a different ball game.. - -- ============================================================================== I have always wished that my computer would be as easy to use as my telephone. My wish has come true. I no longer know how to use my telephone. Bjarne Stroustrup ============================================================================== -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFG6XrMasN0sSnLmgIRAvl3AJwMluPLsEs+9xSYWq8sYzFrFIrtZQCfUE9I woa3jTJFmyYBIX2aHRxRIag= =9pw7 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Sunny wrote:
On 9/10/07, Sunny
wrote: Hi, I have 10.2 authenticationg against NT domain.
Everything is fine, except that now it shows that my password will expire in 3 days. The problem is, that for sure on the domain controller this account is set with no password expiration. There is no such a warning when I log in to a windows machine connected to that domain controller.
How do I fix this?
I'll soon be locked out of my machine. It reports that the password expires today. Please help.
man chage -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 9/13/07, G T Smith
setups tend to be a bit vulnerable). If it is a multi-server Windows domain setup, all the domain servers will probably need to be checked to see if one has a problem. If you have multiple trusted domains as well life can get truly interesting...
No, this is really simple network, one NT4 DC, and couple of windows workstations, and mine opensuse. :( -- Svetoslav Milenov (Sunny) Even the most advanced equipment in the hands of the ignorant is just a pile of scrap. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 9/13/07, Sandy Drobic
man chage
chage -l chage: Unknown user `MYDOMAIN\sunny'.
I guess chage is for local users, not domain ones. -- Svetoslav Milenov (Sunny) Even the most advanced equipment in the hands of the ignorant is just a pile of scrap. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Sunny wrote:
On 9/13/07, Sandy Drobic
wrote: man chage
chage -l chage: Unknown user `MYDOMAIN\sunny'.
I guess chage is for local users, not domain ones.
Yes. In that case you probably have a password expiry policy on your domain controller. That is nothing you can influence from your workstation. So you can only try to change the password and hope that expiry will be reset. IIRC the password expiry period is 42 days in a default installation. Do you get any hints other than the fact that the password is expiring? -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 9/13/07, Sandy Drobic
Yes. In that case you probably have a password expiry policy on your domain controller. That is nothing you can influence from your workstation. So you can only try to change the password and hope that expiry will be reset.
On the DC this account is set to never expire. When I log with this account on a Windows workstation, there is no warning, and everything works OK.
IIRC the password expiry period is 42 days in a default installation. Do you get any hints other than the fact that the password is expiring?
I remember this happening once in the past, then reseting the password on the DC helped. Back then I let the period to expire, and I was locked out of the suse machine, while I was able to log in to a windows box. So, your suggestion will solve the current problem, but temporary. It will happen again. I'm looking for more permanent solution. I also opened a bug case in novell's bugzilla, but still no comments there. Anyway, any help is appreciated, thanks -- Svetoslav Milenov (Sunny) Even the most advanced equipment in the hands of the ignorant is just a pile of scrap. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (3)
-
G T Smith
-
Sandy Drobic
-
Sunny