Bug 4682 - sambaPwdLastSet is changed, instead of sambaPwdMustChange
Summary: sambaPwdLastSet is changed, instead of sambaPwdMustChange
Status: RESOLVED INVALID
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: Domain Control (show other bugs)
Version: 3.0.25a
Hardware: x86 Linux
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-06-04 16:59 UTC by Mauricio Lima
Modified: 2007-07-24 14:14 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mauricio Lima 2007-06-04 16:59:23 UTC 
I'm using a SuSE 10.0 OSS box; samba 3.0.25a; ldapsam.

When a check "User must change password at next logon" in Microsoft's User Manager, instead of getting a sambaPwdMustChange:0 in ldap, I get sambaPwdLastSet: 0

Thanks for any help!
Comment 1 Peter Daum 2007-07-24 09:58:23 UTC 
I am afraid that this is intentionally
(The Error that is returned when a user who has sambaPwdMustChange==0 tries
to connect also is NT_STATUS_PASSWORD_MUST_CHANGE), but besides misusing an
attribute for something different from what the name implies this change
may hav pretty dramatic side effectss (see Bug 4811)
Comment 2 Jim McDonough 2007-07-24 14:14:08 UTC 
This is not the result of misusing an attribute, it is the result of ending up with a schema that was created from a misunderstanding of how the SAM worked.  I would argue that havein sambaPwdMustChange of 0 should mean the exact _opposite_ of what you expect it to mean.  

If you examine the user info levels that windows uses to express the user definitions, the PasswordLastSetTime value is set to 0 by User manager when the user checks this box.  We are passing on the way windows behaves.  The PasswordMustChangeTime is _calculated_ from the policy, and is not part of the SAM.