Bug 4165 - pdbedit -P to set policy, but the policy is not working.
pdbedit -P to set policy, but the policy is not working.
Status: RESOLVED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts
3.0.9
x86 Linux
: P3 critical
: none
Assigned To: Jim McDonough
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2006-10-11 04:01 UTC by huiyicao
Modified: 2006-12-22 08:59 UTC (History)
2 users (show)

See Also:


Attachments
attach smb.conf of mine for you reference (7.84 KB, text/plain)
2006-10-22 20:33 UTC, huiyicao
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description huiyicao 2006-10-11 04:01:39 UTC
I set the pdbedit -P'maximum password age' -C 7776000, then use smbpasswd command to change password, but the policy is not working. 
I check my password policy use
>pdbedit -v caohy|grep must
then, I get following message:
the Password must change: Sat, 14 Dec 1901 04:45:51 GMT.  

What is the problem?
Comment 1 huiyicao 2006-10-17 04:43:37 UTC
Can I get any update about this bug?
Comment 2 huiyicao 2006-10-19 02:05:06 UTC
my paltform version is Linux Enterprise ES v3.  and I upgrade my samba rpm version to 3.0.23c. but pdbedit -P is not working also. Thanks!
Comment 3 Alexander Bokovoy 2006-10-19 02:17:38 UTC
Jim, you've looked at password expiration lately, could you please check this one? It seems strange for 90 days expiration to wrap up to 1901 era.
Comment 4 Jim McDonough 2006-10-19 08:10:15 UTC
We're going to need more details on this, like your smb.conf.  I'd also like to make sure we're dealing with a 32-bit system and not 64-bit, so a uname -a would be helpful.  Also, where did you get your rpms from?

I've tried this on RHEL3 x86 (which I'm assuming is what you mean by Enterprise Linux v3), and it properly calculates the times.
Comment 5 huiyicao 2006-10-22 20:33:34 UTC
Created attachment 2188 [details]
attach smb.conf of mine for you reference
Comment 6 huiyicao 2006-10-22 20:34:37 UTC
uname -a is 
Linux sofile 2.4.21-47.EL #1 Wed Jul 5 20:46:55 EDT 2006 i686 i686 i386 GNU/Linux.

and I get the 3.0.23c samba rpm from www.samba.org website.
Comment 7 Jim McDonough 2006-10-25 13:04:10 UTC
OK, I'm guessing you use the redhat 9 package then?  In any case, I don't get this wrapping date that you do, but I  do find that it never changes.  This is something that is fixed in the current svn, however.  Any chance you could try building your own and verifying?
Comment 8 huiyicao 2006-10-30 20:37:58 UTC
Hi,  I follow your advice to get samba-3.0.23c.tar source code. and building by myself on my server.  but the pdbedit is still not working. I set the max password policy is 7776000, but when I list my userid's password policy.  it is appeared as following:
[root@sosamba bin]# ./pdbedit -v caohy
Unix username:        caohy
NT username:
Account Flags:        [U          ]
User SID:             S-1-5-21-1868144117-324277176-1049630313-2000
Primary Group SID:    S-1-5-21-1868144117-324277176-1049630313-513
Full Name:
Home Directory:       \\sosamba\caohy
HomeDir Drive:
Logon Script:
Profile Path:         \\sosamba\caohy\profile
Domain:               SOSAMBA
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          Tue, 19 Jan 2038 11:14:07 CST
Kickoff time:         Tue, 19 Jan 2038 11:14:07 CST
Password last set:    Tue, 31 Oct 2006 10:24:09 CST
Password can change:  Tue, 31 Oct 2006 10:24:09 CST
Password must change: Tue, 19 Jan 2038 11:14:07 CST
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Comment 9 Jim McDonough 2006-11-03 08:42:48 UTC
Sorry, I was trying to get you to use the latest development code, not the latest released version.  Any chance you can try that?
Comment 10 huiyicao 2006-11-07 01:00:09 UTC
Sorry. I am realy not sure what your meaning is. I get the samba-3.0.23c.tar  from www.samba.org website.  I don't know what you want to me to try? 
Comment 11 Jim McDonough 2006-11-07 07:48:17 UTC
I was meaning you'd need to get the latest code in the SAMBA_3_0 development branch:

svn co svn://svnanon.samba.org/samba/branches/SAMBA_3_0 samba3

see http://us3.samba.org/samba/devel/ for more info.

Or if you want to rsync you could use:
rsync://ftp.samba.org/pub/unpacked/samba_3_0/source
Comment 12 huiyicao 2006-11-15 23:52:08 UTC
I installed the samba3 version before.  the pdbedit -P is not working normal.  Could you please do the related fixing?
Comment 13 Jim McDonough 2006-11-16 03:05:20 UTC
You have not tried the development version, you have only tried rebuilding the same code that is already known to not work.  You need to follow my instructions for downloading the _development_ version.  Please do not download the 3.0.23 tarfiles.  Use svn or rsync to get the development version.
Comment 14 huiyicao 2006-11-19 19:54:17 UTC
I get error -bash: rsync://ftp.samba.org/pub/unpacked/samba_3_0/source: No such file or directory when I use rsync://ftp.samba.org/pub/unpacked/samba_3_0/source as your advice.
Comment 15 huiyicao 2006-11-19 21:43:34 UTC
I download the source from site //ftp.samba.org/pub/unpacked/samba_3_0/source. then do the sambe rebuild.  but failed when do the make. attach the part of errors for you reference:
include/proto.h:6547: error: previous definition of 'dyn_PRIVATE_DIR' was here
include/proto.h:304765: warning: array 'dfs_commands' assumed to have one element
include/proto.h:304766: warning: array 'ds_commands' assumed to have one element
include/proto.h:304767: warning: array 'echo_commands' assumed to have one element
include/proto.h:304760: warning: array 'lsarpc_commands' assumed to have one element
include/proto.h:304763: warning: array 'netlogon_commands' assumed to have one element
include/proto.h:304761: warning: array 'samr_commands' assumed to have one element
include/proto.h:304768: warning: array 'shutdown_commands' assumed to have one element
include/proto.h:304762: warning: array 'spoolss_commands' assumed to have one element
include/proto.h:304764: warning: array 'srvsvc_commands' assumed to have one element
include/proto.h:304769: warning: array 'test_commands' assumed to have one element
include/proto.h:304759: warning: array 'unixinfo_commands' assumed to have one element
include/proto.h:304765: error: storage size of `dfs_commands' isn't known
include/proto.h:304766: error: storage size of `ds_commands' isn't known
include/proto.h:304767: error: storage size of `echo_commands' isn't known
include/proto.h:304760: error: storage size of `lsarpc_commands' isn't known
include/proto.h:304763: error: storage size of `netlogon_commands' isn't known
include/proto.h:304761: error: storage size of `samr_commands' isn't known
include/proto.h:304768: error: storage size of `shutdown_commands' isn't known
include/proto.h:304762: error: storage size of `spoolss_commands' isn't known
include/proto.h:304764: error: storage size of `srvsvc_commands' isn't known
include/proto.h:304769: error: storage size of `test_commands' isn't known
include/proto.h:304759: error: storage size of `unixinfo_commands' isn't known
include/proto.h:348303: error: storage size of `sec_ctx_stack' isn't known
include/proto.h:358997: error: storage size of `conn_ctx_stack' isn't known
The following command failed:
gcc  -I/usr/kerberos/include -O -D_SAMBA_BUILD_=3  -I/home/caohy/samba-3.0.23c/source/iniparser/src -Iinclude -I./include  -I. -I. -I./lib/replace -I./lib/talloc -I./tdb/include -I./libaddns -I./librpc  -DHAVE_CONFIG_H  -I/usr/kerberos/include -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -DLDAP_DEPRECATED    -I/home/caohy/samba-3.0.23c/source/lib -D_SAMBA_BUILD_=3 -DCONFIGFILE="/usr/local/samba/lib/smb.conf"  -DSBINDIR="/usr/local/samba/sbin" -DBINDIR="/usr/local/samba/bin" -DLMHOSTSFILE="/usr/local/samba/lib/lmhosts"  -DSWATDIR="/usr/local/samba/swat"  -DLOCKDIR="/usr/local/samba/var/locks" -DPIDDIR="/usr/local/samba/var/locks" -DLIBDIR="/usr/local/samba/lib" -DLOGFILEBASE="/usr/local/samba/var" -DSHLIBEXT="so" -DCONFIGDIR="/usr/local/samba/lib" -DSMB_PASSWD_FILE="/usr/local/samba/private/smbpasswd" -DPRIVATE_DIR="/usr/local/samba/private" -fPIC -c /home/caohy/samba-3.0.23c/source/dynconfig.c -o dynconfig.o
make: *** [dynconfig.o] Error 1
Comment 16 huiyicao 2006-12-22 02:39:42 UTC
I load the SAMBA_3_0 development branch as your guide. the pdbedit -P is working.  but when this version is normal release? I need install the release version of samba on my production server.  I download the  samba 3.0.23d source code  from  your website.  but this version is also not working on pdbedit -P.
Comment 17 Jim McDonough 2006-12-22 08:59:09 UTC
Please contant me internally at jmcd@us.ibm.com on this one.  As far as the Samba team is concerned this issue is fixed, as you have noted, so I will close it here.  Your current issue is getting a distro release to include it, and that's an IBM/distro issue, not a samba team issue.