account policy "maximum password age" description: Maximum password age, in seconds (default: -1 => never expire passwords) account policy "maximum password age" value is: 4294967295The value given to this policy :
8640000
account policy "maximum password age" description: Maximum password age, in seconds (default: -1 => never expire passwords)
account policy "maximum password age" value was: 4294967295
account policy "maximum password age" value is now: 8640000
Unix username: kevin Password last set: dim., 21 mars 2021 19:14:26 CET Password can change: dim., 21 mars 2021 19:14:26 CET immediate password change is allowed by minimum password age = 0 Password must change: mar., 29 juin 2021 20:14:26 CEST password change date + 100 days Unix username: stuart shows status for all Samba users Password last set: dim., 21 mars 2021 19:14:27 CET Password can change: dim., 21 mars 2021 19:14:27 CET Password must change: mar., 29 juin 2021 20:14:27 CEST
now + maximum password age. Changing the policy value does not affect the change date of existing passwords (source).
It depends.... It depends on :
So, as of 2021 :
mount: only root can use "--types" option
-rwsr-xr-x 1 root root 35K Jun 17 2018 /sbin/mount.cifs*
Flag | Usage |
---|---|
-s --suppress-prompt | testparm is designed to be run interactively and expects to be pressed after displaying the first diagnosis page. This flag suppresses this and allows the utility to be run non-interactively. |
[global]
section :
log level = logLevel
With logLevel :
logLevel | Usage |
---|---|
0 | (default) only critical errors and serious warnings will be logged |
1 | reasonable level for day-to-day running : it generates a small amount of information about operations carried out |
2, 3 | will generate considerable amounts of log data, and should only be used when investigating a problem |
4-10 | these levels are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic |
5 processes are in enforce mode. /usr/sbin/smbd (830) smbd /usr/sbin/smbd (833) smbd /usr/sbin/smbd (834) smbd /usr/sbin/smbd (835) smbd /usr/sbin/smbd (3393) smbd
logfiles
/etc/apparmor/logprof.conf | cut -d '=
' -f 2); do [ -e "$i" ] && grep -iq 'apparmor
' "$i" && echo "'$i' matches"; done
'/var/log/syslog' matches '/var/log/messages' matches
apparmor
"$i" | tail -10 | md5sum; done9f03bd8f908cbe44f3e078c95a259be4 - 9f03bd8f908cbe44f3e078c95a259be4 -Nope, so let's focus on /var/log/messages only, then.
apparmor
Aug 27 11:23:02 localhost kernel: [ 9180.681476] audit: type=1400 audit(1566897782.433:2083): apparmor="DENIED" operation="open" profile="smbd" name="/target/of/symlink/on/usb/drive" pid=3393 comm="smbd" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
profile smbd
' /etc/apparmor*/etc/apparmor.d/usr.sbin.smbd:profile smbd /usr/{bin,sbin}/smbd flags=(complain) {
[global] allow insecure wide links = yes unix extensions = no [myShare] path = /path/to/sharedDir wide links = yes
L : local R : remote 2 : "to" 1 : enable
Les liens symboliques local à local sont activés Les liens symboliques local à distant sont activés. Les liens symboliques distant à local sont activés. Les liens symboliques distant à distant sont activés.
workaround : as root : mount --bind /directory/to/effectively/share /directory/shared/by/samba