Bug 5603 - Samba 3 ignores sambaPwdMustChange
Samba 3 ignores sambaPwdMustChange
Status: RESOLVED WONTFIX
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts
3.0.28a
x86 Linux
: P3 normal
: none
Assigned To: Samba Bugzilla Account
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2008-07-09 15:20 UTC by David Markey
Modified: 2008-11-09 19:25 UTC (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description David Markey 2008-07-09 15:20:20 UTC
Im using ldap as a backend and samba seems to be ignoring that field so a users password never expires. I dont think its normal behavior:

[root@centos5 source]# smbldap-usershow dmarkey 2> /dev/null | grep sambaPwdMustChange
sambaPwdMustChange: 1215634805
[root@centos5 source]# smbldap-usermod -B1 dmarkey
[root@centos5 source]# smbldap-usershow dmarkey 2> /dev/null | grep sambaPwdMustChange
sambaPwdMustChange: 0
[root@centos5 source]# su - dmarkey
[dmarkey@centos5 ~]$ net user
Password:
root
nobody
dmarkey
testtesttest


A windows login also works.


Centos52 OS.
Comment 1 mourik jan c heupink 2008-10-09 09:47:46 UTC
I am seeing this here as well. My samba is 3.0.26a on suse linux enterprise server 9, sp3.

Here is what I see:

According to the documentation setting sambaPwdMustChange=0 should cause a "you are required to change your password" upon login. However, on my setup, it does NOT work. The user can log on, but is NOT asked to change his or her password.

Then I tried using "net sam set pwdmustchangenow USERNAME yes" (which is I guess the native samba way of archiving this) and it DOES work, BUT: by setting: "sambaPwdLastSet=0" ! 

So it looks at sambaPwdLastSet=0 instead of sambaPwdMustChange=0

Here is what I see from an ldif: 
 
Before: 
dn: uid=heupink,ou=users,dc=intech,dc=unu,dc=edu 
sambaPwdMustChange: 2147... 
sambaPwdCanChange: 1195... 
sambaLMPassword: 1487... 
sambaNTPassword: F81D... 
-> sambaPwdLastSet: 1219... 
 
After "net sam set pwdmustchangenow heupink yes" 
dn: uid=heupink,ou=users,dc=intech,dc=unu,dc=edu 
sambaPwdMustChange: 2147... 
sambaPwdCanChange: 1195... 
sambaLMPassword: 1487... 
sambaNTPassword: F81D... 
-> sambaPwdLastSet: 0 
 
When I logon I get the 'you are required to change your password' dialogue. After I change my password I see: 
dn: uid=heupink,ou=users,dc=intech,dc=unu,dc=edu 
sambaPwdMustChange: 2147... 
sambaPwdCanChange: 1195... 
sambaLMPassword: 0213... 
sambaNTPassword: EE9D... 
-> sambaPwdLastSet: 1223... 
Comment 2 David Markey 2008-11-09 19:25:19 UTC
sambaPwdMustChange seems to have been phased out since 3.0.25(ish). Heimdal samba integration relies on it but i have submitted patched to hdb-ldap so it doesnt.