Hi!On Sat, 3 Jul 2004, Tilo Lutz wrote:
None of my acounts in ldap have set sambaPwdLastSet, even those acounts which became disabled. If I have understand you right, samba should not disable account if the attribute sambaPwdLastSet is not defined in ldap?
On Mon, 2004-07-05 at 06:56, Gerald (Jerry) Carter wrote:
If the attribute is not defined smbd gives it an implicit value of 0.
Andrew Bartlet wrote:
If that's what caused the issue, then there is a bug (which I'm happy to
look into and fix).
/* only reset a password if the last set time has been explicitly been set to zero. A default last set time is ignored */
if ( (pdb_get_init_flags(pass, PDB_PASSLASTSET) != PDB_DEFAULT) && (pdb_get_pass_last_set_time(pass) == 0) ) {
The intention of the logic was that if the value was undefined in LDAP,
the flags would be set to PDB_DEFAULT and it would not be treated as
'defined as zero' for this test.
I take a closer look at my users: Heres a ldap record (without password hashes) of saturday: dn: uid=alexander-cristea,ou=kl-1g3,ou=people,dc=wms-hn,dc=de userPassword:: e0NSWVBUfTE3NnUxQzA0ZDhCbG8= shadowLastChange: 11947 sambaPwdLastSet: 1 objectClass: posixAccount objectClass: shadowAccount objectClass: inetOrgPerson objectClass: person objectClass: organizationalPerson objectClass: top objectClass: sambaSamAccount cn: alexander-cristea sn: alexander-cristea uid: alexander-cristea homeDirectory: /home/kl-1g3/alexander-cristea gecos: "kl-1g3" loginShell: /bin/sh shadowMin: 1 shadowMax: 99999 shadowWarning: 14 sambaPwdMustChange: 1800000000 gidNumber: 112 sambaPrimaryGroupSID: S-1-5-21-3371203057-3264423045-2392767973-1225 uidNumber: 5248 sambaSID: S-1-5-21-3371203057-3264423045-2392767973-11496 sambaProfilePath: \\WILMA2\profile sambaAcctFlags: [UX ]
The same user monday morning: # alexander-cristea, kl-1g3, people, wms-hn.de dn: uid=alexander-cristea,ou=kl-1g3,ou=people,dc=wms-hn,dc=de objectClass: posixAccount objectClass: shadowAccount objectClass: inetOrgPerson objectClass: person objectClass: organizationalPerson objectClass: top objectClass: sambaSamAccount cn: alexander-cristea sn: alexander-cristea uid: alexander-cristea homeDirectory: /home/kl-1g3/alexander-cristea gecos: "kl-1g3" loginShell: /bin/sh shadowMin: 1 shadowMax: 99999 shadowWarning: 14 sambaPwdMustChange: 1800000000 gidNumber: 112 sambaPrimaryGroupSID: S-1-5-21-3371203057-3264423045-2392767973-1225 uidNumber: 5248 sambaSID: S-1-5-21-3371203057-3264423045-2392767973-11496 sambaProfilePath: \\WILMA2\profile sambaAcctFlags: [DUX ]
Again there's no logentrie in log.smbd (loglevel 2). As you can see the account was disabled and sambaPwdLastSet was removed.
Anything I can do to find the problem? Which loglevel should I use?
Tilo
I'd experienced such a problem after I migrated from samba 2.2.8a to samba 3.0.4 with ldap backend. I'd found out that if sambaPwdLastSet = 0
upon user connection account got disabled. The workaround is to manually set sambaPwdLastSet to some real date for all users.
New created users shouldn't have the problem.
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
