Bug 4492 - User Cant change password
User Cant change password
Status: RESOLVED WORKSFORME
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts
3.0.9
x64 Windows XP
: P3 major
: none
Assigned To: Gerald (Jerry) Carter
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2007-04-07 00:57 UTC by Varun A Utagikar
Modified: 2007-04-07 08:05 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Varun A Utagikar 2007-04-07 00:57:45 UTC
We are using OPenldap-2.2.13-2 as backend to SambaPDC.We ave got a mixed clients setup.Linux boxes are no problem at all.But Win Xp (64bit) boxes 
do not allow users to change their password with the following error:

"user cannot change his password at this time"

The resulting logs being:


[2007/04/07 00:32:12, 0] lib/util_sock.c:get_peer_addr(1000)
  getpeername failed. Error was Transport endpoint is not connected
[2007/04/07 00:32:12, 0] lib/util_sock.c:write_socket_data(430)
  write_socket_data: write failure. Error = Connection reset by peer
[2007/04/07 00:32:12, 0] lib/util_sock.c:write_socket(455)
  write_socket: Error writing 4 bytes to socket 5: ERRNO = Connection reset by peer
[2007/04/07 00:32:12, 0] lib/util_sock.c:send_smb(647)
  Error writing 4 bytes to client. -1. (Connection reset by peer)
[2007/04/07 00:32:12, 2] smbd/server.c:exit_server(571)
  Closing connections
[2007/04/07 00:32:12, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: sudhir
[2007/04/07 00:32:12, 2] passdb/pdb_ldap.c:init_group_from_ldap(2011)
  init_group_from_ldap: Entry found for group: 513
[2007/04/07 00:32:12, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [sudhir] -> [sudhir] -> [sudhir] succeeded
[2007/04/07 00:32:12, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: sudhir
[2007/04/07 00:32:12, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [sudhir] -> [sudhir] -> [sudhir] succeeded
[2007/04/07 00:32:12, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: sudhir
[2007/04/07 00:32:12, 1] smbd/chgpasswd.c:change_oem_password(1017)
  user sudhir cannot change password now, must wait until Mon, 18 Jan 2038 21:14:07 GMT

Its clear from the logs that the user can change his password after
18 Jan 2038 21:14:07 GMT .

The result of 'pdbedit -Lv username' is as follows:

[root@ns ~]# pdbedit -Lv satyendra

Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DIAT.AC.IN))]
smbldap_open_connection: connection opened
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DIAT.AC.IN))]
smbldap_open_connection: connection opened
init_sam_from_ldap: Entry found for user: satyendra
Unix username:        satyendra
NT username:          satyendra
Account Flags:        [U          ]
User SID:             S-1-5-21-75321029-842577198-2410934301-3010
Primary Group SID:    S-1-5-21-75321029-842577198-2410934301-513
Full Name:            System User
Home Directory:       \\NS.DIAT.AC.IN\satyendra
HomeDir Drive:        H:
Logon Script:         logon.bat
Profile Path:         \\192.168.250.1\profiles\satyendra
Domain:               DIAT.AC.IN
Account desc:         System User
Workstations:
Munged dial:
Logon time:           0
Logoff time:          Mon, 18 Jan 2038 21:14:07 GMT
Kickoff time:         Mon, 18 Jan 2038 21:14:07 GMT
Password last set:    Fri, 30 Mar 2007 23:34:55 GMT
Password can change:  Mon, 18 Jan 2038 21:14:07 GMT
Password must change: Tue, 15 May 2007 00:34:55 GMT
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF


The "Password can change" field gets a default value which we cannot override.
Even pdbedit -C --pwd-can-change-tine="MM-DD-YY" dosent change this value.

Help Needed

Varun
Comment 1 Gerald (Jerry) Carter 2007-04-07 07:56:29 UTC
is this really Samba 3.0.9 ?  Is so, then my best advice 
is to retest against a current Samba release.
Comment 2 Gerald (Jerry) Carter 2007-04-07 08:04:56 UTC
You might also be able to just use pdbedit from the 3.0.25rc1 release.
You might talk to you vendor (if this is a vendor provided version)
about back porting the necessary changes to 3.0.9.

If you can reopen this against 3.0.24 or 3.0.25rc1, please reopen.
Comment 3 Gerald (Jerry) Carter 2007-04-07 08:05:21 UTC
Should have said:  If you can reproduce this against 3.0.24 or 3.0.25rc1, 
please reopen.