When using user manager for domains from a Windows XP client to a Samba 3.0.25a domain with ldap passdb backend to create new accounts the "Password Must Change" field is not set. The "Password Must Change" box is checked in user manager by default but after creating the account pdbedit shows the password must change date as calculated from the password policy and password set time: rchs20dc:/var/log/samba # pdbedit -d 0 -v -u jpjtest6 | grep Pass Password last set: Wed, 20 Jun 2007 15:33:25 CDT Password can change: Wed, 20 Jun 2007 15:33:25 CDT Password must change: Tue, 18 Sep 2007 15:33:25 CDT
taking this one tdbsam works, ldapsam does not...
Found it...nothing to do with ldap, and everything to do with which usrmgr you use. user_info_25 isn't fully parsed, and we're not honoring the expired bit. I should have a patch soon. By the way, it also means logon hours aren't done from this usrmgr either...
ok, fixed up the set of user_info_25 to not always have the password last time set . Should be fixed now in revision 23616.