4646 – sambaPwdMustChange ignored

Bug 4646 - sambaPwdMustChange ignored

Summary: sambaPwdMustChange ignored

Status:	RESOLVED WONTFIX

Alias:	None

Product:	Samba 3.0
Classification:	Unclassified
Component:	Domain Control (show other bugs)
Version:	3.0.25
Hardware:	Other Windows XP

Importance:	P3 normal
Target Milestone:	none
Assignee:	Samba Bugzilla Account
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2007-05-22 00:24 UTC by Patrick Rynhart
Modified:	2007-05-22 02:37 UTC (History)
CC List:	0 users

See Also:

Attachments
smb.conf (2.39 KB, text/plain) 2007-05-22 00:27 UTC, Patrick Rynhart	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Patrick Rynhart 2007-05-22 00:24:25 UTC

Samba 3.0.25 appears to be ignoring the LDAP property sambaPwdMustChange.

With the same LDAP backend and the same smb.conf file, setting sambaPwdMustChange to 1 for user prynhart with Samba 3.0.23d gives the correct answer of

# pdbedit -u prynhart -L -v | grep 'Password must change'
Password must change: Thu, 01 Jan 1970 12:00:01 NZST

However, with Samba 3.0.25 get

# pdbedit -u prynhart -L -v | grep 'Password must change'
Password must change: Tue, 19 Jan 2038 16:14:07 NZDT

I have Samba 3.0.23d and 3.0.25 installed "side-by-side" at

/usr/local/samba-3.0.23d
/usr/local/samba-3.0.25

To switch between versions I am using a symlink created from /usr/local/samba

smb.conf for both versions is the same (and is a symlink to /etc/samba/smb.conf)

Regards,

Patrick

Comment 1 Patrick Rynhart 2007-05-22 00:27:11 UTC

Created attachment 2715 [details]
smb.conf

Comment 2 Patrick Rynhart 2007-05-22 00:39:17 UTC

With 3.0.23d in the info3 structure I'm getting

000014 net_io_user_info3                                                                                                                  
        0014 ptr_user_info : 00000000                                                                                                         
    0018 auth_resp   : 00000001                                                                                                               
    001c status      : NT_STATUS_PASSWORD_EXPIRED   

but with 3.0.25

 000014 net_io_user_info3                                                                                                                  
        0014 ptr_user_info : 00000001                                                                                                         
        000018 smb_io_time logon time                                                                                                         
            0018 low : 00000000                                                                                                               
            001c high: 00000000                                                                                                               
        000020 smb_io_time logoff time                                                                                                        
            0020 low : d4a5e980                                                                                                               
            0024 high: 01e9fd1e                                                                                                               
        000028 smb_io_time kickoff time                                                                                                       
            0028 low : d4a5e980                                                                                                               
            002c high: 01e9fd1e                                                                                                               
        000030 smb_io_time last set time                                                                                                      
            0030 low : d5d71680                                                                                                               
            0034 high: 019db1de                                                                                                               
        000038 smb_io_time can change time                                                                                                    
            0038 low : d5d71680                                                                                                               
            003c high: 019db1de                                                                                                               
        000040 smb_io_time must change time                                                                                                   
            0040 low : d4a5e980                                                                                                               
            0044 high: 01e9fd1e                                                                                                               
        000048 smb_io_unihdr hdr_user_name                                                                                                    
            0048 uni_str_len: 0010                                                                                                            
            004a uni_max_len: 0010                                                                                                            
            004c buffer     : 00000001                                                                                                        
        000050 smb_io_unihdr hdr_full_name                                                                                                    
            0050 uni_str_len: 001e                                                                                                            
            0052 uni_max_len: 001e                                                                                                            
            0054 buffer     : 00000001                                                                                                        
        000058 smb_io_unihdr hdr_logon_script                                                                                                 
            0058 uni_str_len: 0018                                                                                                            
            005a uni_max_len: 0018                                                                                                            
            005c buffer     : 00000001                                                                                                        
        000060 smb_io_unihdr hdr_profile_path                                                                                                 
            0060 uni_str_len: 0000                                                                                                            
            0062 uni_max_len: 0000                                                                                                            
            0064 buffer     : 00000000                                                                                                        
        000068 smb_io_unihdr hdr_home_dir                                                                                                     
            0068 uni_str_len: 0000                                                                                                            
            006a uni_max_len: 0000                                                                                                            
            006c buffer     : 00000000                                                                                                        
        000070 smb_io_unihdr hdr_dir_drive                                                                                                    
            0070 uni_str_len: 0000                                                                                                            
            0072 uni_max_len: 0000                                                                                                            
            0074 buffer     : 00000000                                                                                                        
        0078 logon_count   : 0000                                                                                                             
        007a bad_pw_count  : 0000                                                                                                             
        007c user_rid      : 00018b0d                                                                                                         
        0080 group_rid     : 00000201                                                                                                         
        0084 num_groups    : 00000001                                                                                                         
        0088 buffer_groups : 00000001                                                                                                         
        008c user_flgs     : 00000020

Comment 3 Volker Lendecke 2007-05-22 02:37:07 UTC

This is by design. We changed the must change semantics, now it is dynamically calculated based on last change + max password age account policy.

You can set the max password age with 

net sam policy set "maximum password age" 30

Volker