Univention Corporate Server (UCS)

ID #1379

The user password is expired but the user can still login on a windows client?

UCS follows two different concepts. The password expiry date in LDAP is adjustable for each user but the password settings in samba4 have global effect as usual in AD. That is why we can not synchronize both settings. This raises sometimes the following question.

The user password is expired but the user can still login on a windows client?

The following possibilities could cause the Problem

  • Have you set the password expirey in samba4? You can check the settings with the following command:
    samba-tool domain passwordsettings show
    Password informations for domain 'DC=sunshine,DC=local'

    Password complexity: off
    Store plaintext passwords: off
    Password history length: 3
    Minimum password length: 6
    Minimum password age (days): 0
    Maximum password age (days): 0
    Account lockout duration (mins): 0
    Account lockout threshold (attempts): 0
    Reset account lockout after (mins): 30
    If no maximum password age is set in samba but in OpenLDAP the password expiry interval is set, some authentications-routines will not work, after the passsword is expired but the login on windows still works.

  • Have you recently changed the password expiry interval in LDAP? You can check the settings with the following command:

    udm policies/pwhistory list

    DN: cn=default-settings,cn=pwhistory,cn=users,cn=policies,dc=sunshine,dc=local
    ARG: None
      ldapFilter: None
      name: default-settings
      length: 3
      expiryInterval: 70
      pwQualityCheck: None
      pwLength:
    Samba recognizes these changes immediately when you increase the password expiry interval. In LDAP the expiry date is calculated with the last value, since the user changed his password.
    Because of this different behaviour in LDAP the password is already expired and the user is ask to change his password in the UMC, but Windows won't ask for a passwordchange.

Tags: -

Related entries:

Last update: 2017-01-19 15:31
Author: christina scheinig
Revision: 1.0

Digg it! Share on Facebook Print this record Send FAQ to a friend Show this as PDF file
Please rate this FAQ:

Average rating: 0 (0 Votes)

completely useless 1 2 3 4 5 most valuable

You cannot comment on this entry