Can't set max-pwd-age (Maximum Password Age for the domain) using samba-tool.

As reported on list: https://lists.samba.org/archive/samba/2019-March/222100.html

    samba-tool domain passwordsettings set --max-pwd-age=270
    WARNING: The "server schannel" option is deprecated
    ERROR(<class 'TypeError'>): uncaught exception - unorderable types: NoneType() >= int()
      File "bin/python/samba/netcmd/__init__.py", line 185, in _run
        return self.run(*args, **kwargs)
      File "bin/python/samba/netcmd/domain.py", line 1514, in run
        if max_pwd_age and max_pwd_age > 0 and min_pwd_age >= max_pwd_age:

The problem is the command doesn't work using python3. Should be simple to fix.

In the meantime, the workaround is to specify min-pwd-age as well as max-pwd-age. E.g.

    samba-tool domain passwordsettings set --max-pwd-age=270 --min-pwd-age=default
    WARNING: The "server schannel" option is deprecated
    Minimum password age changed!
    Maximum password age changed!
    All changes applied successfully!
Rowland's reply on the matter on the list.

On Mon, 6 May 2019 08:57:35 +0200
"L.P.H. van Belle via samba" <samba@lists.samba.org> wrote:

> Hai,
>
> Well, i think you found a bug here, i get exact the same.
> But i found a workaround ;-)
>
> We need to verify it. Can someone test this on a source build also
> for this.
>
> Try this for the error.
> samba-tool domain passwordsettings show
> samba-tool domain passwordsettings set --max-pwd-age=90
>
> That errors.
>
> And if you try this and set Min + Max age, then it works:
>
> kinit Administrator
> samba-tool domain passwordsettings set --max-pwd-age=90 --min-pwd-age=1 -k yes
> Minimum password age changed!
> Maximum password age changed!
> All changes applied successfully!
>
> If some people here can verify it, then we can put it in bugzilla.
>

Morning Louis,

It does appear to be a bug ;-)

If you run:

    samba-tool domain passwordsettings --help

Amongst the output is this:

    --min-pwd-age=MIN_PWD_AGE
                          The minimum password age (<integer in days> |
                          default). Default is 1.

Which seems to say, if you don't supply the minimum password age, '1' will be used, BUT:

The code runs like this:

    def run(self, H=None, min_pwd_age=None,........

        if min_pwd_age is not None:
            if min_pwd_age == "default":
                min_pwd_age = 1
            else:
                min_pwd_age = int(min_pwd_age)

If you haven't supplied the minimum password age, the 'def' will set it to 'None'. This means that the code meant to set the minimum password age to '1' is never run because 'min_pwd_age' is 'None'.

I think the code should be:

        if min_pwd_age is None:
            if min_pwd_age == "default":
                min_pwd_age = 1
            else:
                min_pwd_age = int(min_pwd_age)

Rowland
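The comparison from the traceback in the report, reproduced next to a guarded policy check, as an added example that is not part of this thread and not Samba's fix. The helper names, the stored_min/stored_max parameters (the domain's current values, assumed to be read by the caller) and max_default are hypothetical.

```python
# Added example: hypothetical helper names, not Samba's code.
MIN_PWD_AGE_DEFAULT = 1  # "Default is 1" per the --help text quoted above


def unguarded_check(min_pwd_age, max_pwd_age):
    """The condition from domain.py line 1514 in the traceback, unchanged."""
    return bool(max_pwd_age and max_pwd_age > 0 and min_pwd_age >= max_pwd_age)


def parse_age(option, default_days):
    """Turn a CLI value into days; None means the option was not supplied."""
    if option is None:
        return None
    days = default_days if option == "default" else int(option)
    if days < 0:
        raise ValueError("password age must not be negative")
    return days


def resolve_ages(min_opt, max_opt, stored_min, stored_max, max_default):
    """Return the (min, max) ages in days in force after the change.

    Assumptions: stored_min/stored_max are the domain's current values, read
    by the caller; max_default is supplied by the caller; max == 0 means
    passwords never expire.
    """
    new_min = parse_age(min_opt, MIN_PWD_AGE_DEFAULT)
    new_max = parse_age(max_opt, max_default)
    # An omitted option keeps the stored value, so the comparison below
    # never sees None and still catches an inconsistent policy.
    eff_min = stored_min if new_min is None else new_min
    eff_max = stored_max if new_max is None else new_max
    if eff_max > 0 and eff_min >= eff_max:
        raise ValueError("minimum age %d must be below maximum age %d"
                         % (eff_min, eff_max))
    return eff_min, eff_max


if __name__ == "__main__":
    try:
        unguarded_check(None, 270)  # only --max-pwd-age=270 was given
    except TypeError as exc:
        print("Python 3:", exc)
    print(resolve_ages(None, "270", 1, 42, max_default=42))
```

Resolving each omitted option to the stored value means a lone --max-pwd-age is still validated against the minimum age already in force, rather than skipping the consistency check.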
(In reply to Louis from comment #1) link to relevant mailing-list thread: https://lists.samba.org/archive/samba/2019-May/222911.html
Created attachment 15126
Fix for v4.10

Attached is the fix for back-porting to 4.10.

CI pass: https://gitlab.com/catalyst-samba/samba/pipelines/60043695
Pushed to autobuild-v4-10-test.
(In reply to Karolin Seeger from comment #4) Pushed to v4-10-test. Closing out bug report. Thanks!