Hello, We have been running Samba 2.2.x/Sun ONE LDAP on a particular machine for about 3 years now and I recently upgraded it to 3.0.14a with ldapsam compatibility (I can mess with the directory later if necessary).
Now when users try to connect to the server their accounts get disabled unless I have specifically enabled them using smbpasswd -e username (which is kind of tough because I have to enter their passwords at that point). Im not quite sure why its getting disabled, but I think it may be related to some 0 values in pwdcanchange, pwdlastset, or a lack of a value in pwdmustchange (that attribute is not stored in LDAP at all on the accounts that get locked, or so it appears). The strange thing is that going in and setting these values and removing the D in AcctFlags (and adding a trailing space to keep it the same number of characters) doesn't do me any good. Is there something else Im missing? Worst case, is there any way I can re-enable these disabled accounts without having to enter their password? Once I enable them they stay that way (which is how I didn't catch this in testing - I had run the -e on my account a long time ago during some earlier testing). Here is a pdbedit -Lv of a working account versus a non working one: WORKS: Unix username: tonyh NT username: tonyh Account Flags: [UX ] User SID: S-1-5-21-279200155-2930073459-3006489438-5097 Primary Group SID: S-1-5-21-279200155-2930073459-3006489438-1003 Full Name: Anthony Hess Home Directory: \\engr.arizona.edu\tonyh HomeDir Drive: H: Logon Script: Profile Path: \\fugazi.engr.arizona.edu\Profiles\%u Domain: FUGAZI Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: 0 Kickoff time: 0 Password last set: Tue, 20 Jan 2004 13:41:10 MST Password can change: Tue, 20 Jan 2004 13:41:10 MST Password must change: Mon, 18 Jan 2038 20:14:07 MST Last bad password : 0 Bad password count : 0 Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF NO WORK: Unix username: mpoulton NT username: mpoulton Account Flags: [DUX ] User SID: S-1-5-21-279200155-2930073459-3006489438-6576 Primary Group SID: S-1-5-21-279200155-2930073459-3006489438-513 Full Name: Mary Poulton Home Directory: \\fugazi.engr.arizona.edu\mpoulton HomeDir Drive: H: Logon Script: Profile Path: \\fugazi.engr.arizona.edu\Profiles\%u Domain: FUGAZI Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: 0 Kickoff time: 0 Password last set: 0 Password can change: 0 Password must change: Mon, 18 Jan 2038 20:14:07 MST Last bad password : 0 Bad password count : 0 Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF Thanks for any help, Tony -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
