Marc Grimme wrote:
Am 14.10.2012 23:14, schrieb Simo Sorce:
On Fri, 2012-10-12 at 16:47 +0200, Marc Grimme wrote:
Right I am ok with sambaPwdMustChange not being set. That's all good.
What about sambaPwdLastSet ?
Not set when a user is created new.
When I change the password:
sambaPwdLastSet: 0
Not working with samba!
Need to apply my script (see below).

BTW: when I create a user as follows:
ipa user-add tuser2 --first=Test --last=User2 --shell=/bin/false
The SambaSID is: just assign.
ldapsearch -LLL -b "uid=tuser2,cn=users,cn=accounts,dc=cl,dc=atix" sambaSID
SASL/GSSAPI authentication started
SASL username: ad...@cl.atix
SASL data security layer installed.
dn: uid=tuser2,cn=users,cn=accounts,dc=cl,dc=atix
sambaSID: assign
Am I missing something or is this to be changed later on?

What objectclasses is your user getting by default? Is it satisfying the DNA filter?


Which attribute are you 'fixing' ?
And how ?
I wrote a script that basically does the following.

out=$(ldapsearch -LLL -b uid=$1,cn=users,cn=accounts,dc=cl,dc=atix
sambaPwdLastSet 2>/dev/null)
if [ $? -ne 0 ]; then
    echo "Error during retreiving of sambaPwdLastSet.."
    exit 1
pwdlastset=$(echo "$out" | head -2 | tail -1 | cut -f2 -d " ")
if [ -z "$pwdlastset" ]; then
   echo "Adding a pwdlastset time.."
   ldapadd <<EOF
dn: uid=$1,cn=users,cn=accounts,dc=cl,dc=atix
changetype: add
add: sambaPwdLastSet
sambaPwdLastSet: 1344931739
elif [ "$pwdlastset" = "0" ]; then
   echo "Wrong value. Modifying to proper one.."
   ldapmodify <<EOF
dn: uid=$1,cn=users,cn=accounts,dc=cl,dc=atix
changetype: modify
replace: sambaPwdLastSet
sambaPwdLastSet: 1344931739
   echo "Everything ok. sambaPwdLastSet: $pwdlastset"

Can you should me the specific attribute you are 'fixing' before/after
the password change and before/after the 'fix' ?
see above.
I can access samba as follows:
smbclient -U tuser2 -L methusalix2 -D ATIX2
Enter tuser2's password:
Domain=[ATIX2] OS=[Unix] Server=[Samba 3.5.10-125.el6]

     Sharename       Type      Comment

So the initial setup seems to be the problem, right?
There seem to be an issue somewhere indeed, we need to narrow down to
the exact change, then I can look in the code and see what's going on in
there, as sambaPwdLastSet should be changed by the code.
Hope this helps.
Do you need more information?

Freeipa-users mailing list

Reply via email to