Bug 3975 - Samba client reports password expires when group policy says it never does
Summary: Samba client reports password expires when group policy says it never does
Status: RESOLVED DUPLICATE of bug 3969
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: winbind (show other bugs)
Version: 3.0.23a
Hardware: x64 Linux
: P3 major
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-07-28 13:10 UTC by Shannon Johnson
Modified: 2006-08-04 12:21 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Shannon Johnson 2006-07-28 13:10:33 UTC 
We have a Windows 2003 R2 server with a group policy set so once the user changes their password for the first time, the password never expires. However, starting with Samba 3.0.23a (the last known good version that I tested was 3.0.21c), the user gets a message saying their password has expired and it prompted to change it. This message goes away if we manually check the "Password never expires" in the active directory for that user, but we can't do that until after the user changes their password for the first time (otherwise it removes the "User must change password" check).

The syslog says "pam_sm_acct_mgmt success but pam_winbind_new_authtok_reqd is set".
Comment 1 Shannon Johnson 2006-07-28 13:12:37 UTC 
I tried 3.0.23a on both x86 and x86_64 platforms with the same results.
Comment 2 Shannon Johnson 2006-07-31 13:37:13 UTC 
The temporary solution is to change the group policy to expire the password in 999 days, rather than never (or, as it turns out, is "0" days). It'd be nice if Samba could interpret the 0 days as "never" though...
Comment 3 Gerald (Jerry) Carter (dead mail address) 2006-08-04 12:21:07 UTC 

*** This bug has been marked as a duplicate of 3969 ***