On 05/21/12 16:09, Roland Gruber wrote: > Hi Bill, > > it would be great if you can ask the Samba guys how this is done in LDAP with > the latest Samba version.
Hi Roland Funny thing... I checked a WIndows domain login again today and found the user was forced to change his password on every login again... ldapsearch showed sambaPwdMustChange: -1 but pdbedit -v <username> showed Password must change: Mon, 18 Jan 2038 22:14:07 EST It no longer said "never" like it did when I reported that I was able to login without being forced to change my password. Also, I am not able affect that pdbedit "Password must change" attribute anymore, no matter what sambaPwdMustChange is set to and verified as using ldapsearch (or LAM's Tree Editor) and the users are always forced to change password at each login. Sigh... So I found this thread today: http://samba.2283325.n4.nabble.com/quot-Password-must-change-quot-versus-sambaPwdMustChange-attribute-td2468263.html Key post: from 5/24/07 (That is 5 years ago! arg) --[snip]-- This is by design. We now dynamically calculate the maximum password age from pwdLastChange plus account policy to match what NT does. Volker --[snip]-- But that is clearly not what is happening with my install because "Password must Change" field never changed no matter what I set the "maximum password age" to using the command net sam policy set "maximum password age" And no matter what the user's "Password last set" (LDAP sambaPwdLastSet attrbute) is set to.. > I hope they did not change back to the old variant and I have to revert the code changes. :( I am going to post to the samba list ASAP, but would love to hear any ideas you might have to help resolve this. It is kind of getting a bit ridiculous and I really need to resolve this before rollout. :) Thanks again! -- Bill Arlofski Reverse Polarity, LLC ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Lam-public mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/lam-public
