Bug 4646 - sambaPwdMustChange ignored
sambaPwdMustChange ignored
Status: RESOLVED WONTFIX
Product: Samba 3.0
Classification: Unclassified
Component: Domain Control
3.0.25
Other Windows XP
: P3 normal
: none
Assigned To: Samba Bugzilla Account
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2007-05-22 00:24 UTC by Patrick Rynhart
Modified: 2007-05-22 02:37 UTC (History)
0 users

See Also:


Attachments
smb.conf (2.39 KB, text/plain)
2007-05-22 00:27 UTC, Patrick Rynhart
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Patrick Rynhart 2007-05-22 00:24:25 UTC
Samba 3.0.25 appears to be ignoring the LDAP property sambaPwdMustChange.

With the same LDAP backend and the same smb.conf file, setting sambaPwdMustChange to 1 for user prynhart with Samba 3.0.23d gives the correct answer of

# pdbedit -u prynhart -L -v | grep 'Password must change'
Password must change: Thu, 01 Jan 1970 12:00:01 NZST

However, with Samba 3.0.25 get

# pdbedit -u prynhart -L -v | grep 'Password must change'
Password must change: Tue, 19 Jan 2038 16:14:07 NZDT

I have Samba 3.0.23d and 3.0.25 installed "side-by-side" at

/usr/local/samba-3.0.23d
/usr/local/samba-3.0.25

To switch between versions I am using a symlink created from /usr/local/samba

smb.conf for both versions is the same (and is a symlink to /etc/samba/smb.conf)

Regards,

Patrick
Comment 1 Patrick Rynhart 2007-05-22 00:27:11 UTC
Created attachment 2715 [details]
smb.conf
Comment 2 Patrick Rynhart 2007-05-22 00:39:17 UTC
With 3.0.23d in the info3 structure I'm getting

000014 net_io_user_info3                                                                                                                  
        0014 ptr_user_info : 00000000                                                                                                         
    0018 auth_resp   : 00000001                                                                                                               
    001c status      : NT_STATUS_PASSWORD_EXPIRED   

but with 3.0.25

 000014 net_io_user_info3                                                                                                                  
        0014 ptr_user_info : 00000001                                                                                                         
        000018 smb_io_time logon time                                                                                                         
            0018 low : 00000000                                                                                                               
            001c high: 00000000                                                                                                               
        000020 smb_io_time logoff time                                                                                                        
            0020 low : d4a5e980                                                                                                               
            0024 high: 01e9fd1e                                                                                                               
        000028 smb_io_time kickoff time                                                                                                       
            0028 low : d4a5e980                                                                                                               
            002c high: 01e9fd1e                                                                                                               
        000030 smb_io_time last set time                                                                                                      
            0030 low : d5d71680                                                                                                               
            0034 high: 019db1de                                                                                                               
        000038 smb_io_time can change time                                                                                                    
            0038 low : d5d71680                                                                                                               
            003c high: 019db1de                                                                                                               
        000040 smb_io_time must change time                                                                                                   
            0040 low : d4a5e980                                                                                                               
            0044 high: 01e9fd1e                                                                                                               
        000048 smb_io_unihdr hdr_user_name                                                                                                    
            0048 uni_str_len: 0010                                                                                                            
            004a uni_max_len: 0010                                                                                                            
            004c buffer     : 00000001                                                                                                        
        000050 smb_io_unihdr hdr_full_name                                                                                                    
            0050 uni_str_len: 001e                                                                                                            
            0052 uni_max_len: 001e                                                                                                            
            0054 buffer     : 00000001                                                                                                        
        000058 smb_io_unihdr hdr_logon_script                                                                                                 
            0058 uni_str_len: 0018                                                                                                            
            005a uni_max_len: 0018                                                                                                            
            005c buffer     : 00000001                                                                                                        
        000060 smb_io_unihdr hdr_profile_path                                                                                                 
            0060 uni_str_len: 0000                                                                                                            
            0062 uni_max_len: 0000                                                                                                            
            0064 buffer     : 00000000                                                                                                        
        000068 smb_io_unihdr hdr_home_dir                                                                                                     
            0068 uni_str_len: 0000                                                                                                            
            006a uni_max_len: 0000                                                                                                            
            006c buffer     : 00000000                                                                                                        
        000070 smb_io_unihdr hdr_dir_drive                                                                                                    
            0070 uni_str_len: 0000                                                                                                            
            0072 uni_max_len: 0000                                                                                                            
            0074 buffer     : 00000000                                                                                                        
        0078 logon_count   : 0000                                                                                                             
        007a bad_pw_count  : 0000                                                                                                             
        007c user_rid      : 00018b0d                                                                                                         
        0080 group_rid     : 00000201                                                                                                         
        0084 num_groups    : 00000001                                                                                                         
        0088 buffer_groups : 00000001                                                                                                         
        008c user_flgs     : 00000020                                                                                                         
Comment 3 Volker Lendecke 2007-05-22 02:37:07 UTC
This is by design. We changed the must change semantics, now it is dynamically calculated based on last change + max password age account policy.

You can set the max password age with 

net sam policy set "maximum password age" 30

Volker