On Sat, 2004-07-03 at 18:15, Tilo Lutz wrote: > Hi > > > TL> I have a problem with samba 3.0.5pre1. > > TL> Many of my users are disabled by samba > > TL> and I can't find the reason why. > > > Hmm, not shure, did you look at the eventlog from your win box ?? > > i had something alike, (before 304) and the win log showed that > > the password change was corrupt (was a bug before 304).. > > The problem is still there with samba 3.0.5pre1. > Samba disbales some accounts by setting the AcctFlag to "D". > It is also _deleting_ sambaNTPassword and sambaLMPassword in > my ldap database!. > in log.smbd (loglevel 2) I can only find some messages the > password of the disbaled users are wrong, not the password > is disabled. > I can't find any messages why samba has disbaled the accounts > itself.
This is by design. As per the Samba 3.0.2a release notes: ******************* Attention! Achtung! Kree! ********************* Beginning with Samba 3.0.2, passwords for accounts with a last change time (LCT-XXX in smbpasswd, sambaPwdLastSet attribute in ldapsam, etc...) of zero (0) will be regarded as uninitialized strings. This will cause authentication to fail for such accounts. If you have valid passwords that meet this criteria, you must update the last change time to a non-zero value. If you do not, then 'pdbedit --force-initialized-passwords' will disable these accounts and reset the password hashes to a string of X's. ******************* Attention! Achtung! Kree! ********************* So, either remove the 'last set time' from the record, or make it accurate. (Your users did not last set their password in 1970). Andrew Bartlett
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba