Hi Roland... I have run into an issue which I believe I have tracked down to a combination of a missing sambaPwdMustChange attribute and how Samba, Windows, or the combination of the two deals with it.
When a new user is created with LAM v3.7, it looks as if the the sambaPwdMustChange attribute is not set, and no matter what the "maximum password age" is set to, the user is forced to change their password at every logon. ldapsearch results, and inspecting the new user in LAM's Tree View both confirm that attribute is missing. When a new user is created, pdbedit -v <newuser> shows: Password must change: Mon, 18 Jan 2038 22:14:07 EST But I have also seen on initial creation pdbedit -v <newuser> show: Password must change: 0 If I edit the user in LAM's Tree View and add the sambaPwdMustChange attribute and set it to "-1", then pdbedit -v <newuser> shows: Password must change: never And the user is no longer forced to change his password at every Windows domain login. Would it be possible or would it make sense for LAM to add this attribute when a new user is created? BTW, the same issue exists when a user is created with the smbldap-tools' smbldap-useradd script. This is on: 64-bit Gentoo Linux Samba 3.5.6 openLDAP 2.4.30 LAM 3.7 smbldap-tools 0.9.4-r1 (which of course does not have anything to do with LAM, but it does exhibit the same issue) Thanks! -- Bill Arlofski Reverse Polarity, LLC ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Lam-public mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/lam-public
