Sorry again to answer my own post, but I at least figured out how to
change the Password Last Set value using the LDAP Account Manager.
Basically you need to set a date further back than 7 days. Convert it to
Unix time stamp and enter it into the users LDAP info. Then your user
will be allowed to change their expired password. But that still doesn't
explain why the Password Can Change attribute doesn't sync with Password
last set in pdbedit.
*Jason Baker
*/IT Coordinator/
*Glastender Inc.*
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.4444
www.glastender.com <http://www.glastender.com>
On 1/31/2007 11:20 AM, Jason Baker wrote:
I should have checked log files before I posted. Anyway, here is some
additional info.
I checked the log file for the machine I was trying to change the
password on and here is what it says:
[2007/01/31 10:28:06, 1] auth/auth_sam.c:sam_account_ok(178)
sam_account_ok: Account for user 'test' password expired!.
[2007/01/31 10:28:06, 1] auth/auth_sam.c:sam_account_ok(179)
sam_account_ok: Password expired at 'Tue, 30 Jan 2007 10:09:38
EST' (1170169778) unix time.
[2007/01/31 10:28:19, 1] smbd/chgpasswd.c:change_oem_password(1040)
user test cannot change password now, must wait until Wed, 07
Feb 2007 10:09:38 EST
So the section where is says Password expired at Tue, 30 Jan 2007 is
correct. A pdbedit -Lv username shows:
Logoff time: Mon, 18 Jan 2038 22:14:07 EST
Kickoff time: Thu, 31 Jan 2030 22:14:07 EST
Password last set: Wed, 31 Jan 2007 10:09:38 EST
Password can change: Mon, 01 Jan 2007 00:00:00 EST
Password must change: Tue, 30 Jan 2007 10:09:38 EST
But the log file claims that the password cannot change until Friday
Feb 2, 2007, which is seven days from Password last set: Wed, 31 Jan 2007.
BUT...Password CAN CHANGE time says: Mon, 01 Jan 2007.
I do have Minimum Password Age set to 7 days, but shouldn't Password
can change show a date 7 days from Password last set? For some reason
pdbedit is not showing the correct information.
If I run pdbedit --pwd-can-change-time="<today's date">
--time-format="%Y-%m-%d", it will change the date to today, but will
still be counting 7 days from Password last set. Is there a ways to
alter Password last set?
*Jason Baker
*/IT Coordinator/
*Glastender Inc.*
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.4444
www.glastender.com <http://www.glastender.com>
On 1/31/2007 10:47 AM, Jason Baker wrote:
I have a samba PDC set up and configured. I have been doing tests and
everything was working fine. I was able to set "User must change
password" to today's date and it would prompt the user that their
password has expired when logging into windows xp. I could then enter
a new password and be on my way. Now when I set the password to "User
must change password", when I enter the new password twice I get:
The password on this account cannot be changed at this time.
I'm not sure why it was working and now suddenly it isn't. Any thoughts?
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
