Just a heads up to anyone upgrading to 3.0.2. In our case we used the new Fedora Core updates (the ones from the Fedora team, not the ones on the samba website) to update a samba PDC from 3.0.0.
As stated in the release notes for 3.02a (which I read on the samba website): Beginning with Samba 3.0.2, passwords for accounts with a last change time (LCT-XXX in smbpasswd, sambaPwdLastSet attribute in ldapsam, etc...) of zero (0) will be regarded as uninitialized strings. This will cause authentication to fail for such accounts. If you have valid passwords that meet this criteria, you must update the last change time to a non-zero value. This occured in our smbpasswd file. But in addition, a few other user accounts were also disabled, even though they had valid LCT times! I couldn't find a pattern except that these were accounts created with relatively recent versions of samba (maybe 2.2.8 and later) whereas the other accounts have been in the system since the early 2.2 days. So I suggest that: 1. Before you upgrade, have a look through your user accounts and revise any that don't have a valid LCT. The simplest thing to do may be to change the password once. Even changing it to itself will probably work. I'm not sure how accounts end up with LCT-0, but we had a bunch of them, and these users could not log on after the upgrade. 2. After upgrading, look again and see if any other accounts were disabled, so you can fix those too. Look for accounts where the flags in the smbpasswd file are set to [ux ]. Replace the "x" with a space character. By the way, the smbpasswd(5) man page, which describes the layout of the smbpasswd file, does not explain this "x" character, but removing it does work. Hope this saves someone the pressure of searching for a solution while users look over your shoulder. Mark -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
