On 6/17/05 12:34 PM, "Gerald (Jerry) Carter" <[EMAIL PROTECTED]> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Fri, 17 Jun 2005, Anthony Hess wrote: > >> So that's what is disabling it then, thanks. Too bad the user account >> script that we have had for the past few years sets that to zero :) I >> guess the behavior must have been different under 2.2.x? (didn't do much >> with samba back then). > > Always helps to read the release notes :-) This was part of the > security fix in Samba 3.0.2a. Yep, suppose that's true. I did now for that issue. Anyway, the behavior is pretty scary it looks like - a warning beyond a note of the behavior change in the release notes probably would have been nice (especially using the compat mode like we are - since the behavior is different than 2.2). There doesn't appear to be any really easy way to fix it once you do it. Go back to 2.2 and restore my directory from backup maybe :) >> Is there any way I can easily reset all of the user accounts using >> smbpasswd -e instead of scripting some change to the directory server >> entries? If I could just get it to enable the accounts without asking >> me for a user's password I think that would do it. > > If you are using an smbpasswd file, then just manually change the last > field. Nope, using LDAP. Now correct me if Im wrong, but it appears that the lockout removes the lmpassword, ntpassword, and sets acctFlags to DUX and removes a space. I don't see any way for me to fix the issue without having the users enter their passwords again. This looks like something that can be reasonably easily fixed via a web script that the users run, but I had hoped for some way for me to leave them out of this. Anyone have any other ideas? Im sure glad its summer and very few people are using samba :), Tony -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
