Bug 5603 - Samba 3 ignores sambaPwdMustChange
Summary: Samba 3 ignores sambaPwdMustChange
Status: RESOLVED WONTFIX
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts
Version: 3.0.28a
Hardware: x86 Linux
Importance: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Reported: 2008-07-09 15:20 UTC by David Markey
Modified: 2008-11-09 19:25 UTC
Description David Markey 2008-07-09 15:20:20 UTC
I'm using LDAP as a backend and Samba seems to be ignoring that field, so a user's password never expires. I don't think it's normal behavior:

[root@centos5 source]# smbldap-usershow dmarkey 2> /dev/null | grep sambaPwdMustChange
sambaPwdMustChange: 1215634805
[root@centos5 source]# smbldap-usermod -B1 dmarkey
[root@centos5 source]# smbldap-usershow dmarkey 2> /dev/null | grep sambaPwdMustChange
sambaPwdMustChange: 0
[root@centos5 source]# su - dmarkey
[dmarkey@centos5 ~]$ net user
Password:
root
nobody
dmarkey
testtesttest


A Windows login also works.


CentOS 5.2 OS.
Comment 1 mourik jan c heupink 2008-10-09 09:47:46 UTC
I am seeing this here as well. My Samba is 3.0.26a on SUSE Linux Enterprise Server 9, SP3.

Here is what I see:

According to the documentation setting sambaPwdMustChange=0 should cause a "you are required to change your password" upon login. However, on my setup, it does NOT work. The user can log on, but is NOT asked to change his or her password.

Then I tried using "net sam set pwdmustchangenow USERNAME yes" (which is, I guess, the native Samba way of achieving this) and it DOES work, BUT: by setting "sambaPwdLastSet=0"!

So it looks at sambaPwdLastSet=0 instead of sambaPwdMustChange=0

Here is what I see from an ldif: 
 
Before: 
dn: uid=heupink,ou=users,dc=intech,dc=unu,dc=edu 
sambaPwdMustChange: 2147... 
sambaPwdCanChange: 1195... 
sambaLMPassword: 1487... 
sambaNTPassword: F81D... 
-> sambaPwdLastSet: 1219... 
 
After "net sam set pwdmustchangenow heupink yes" 
dn: uid=heupink,ou=users,dc=intech,dc=unu,dc=edu 
sambaPwdMustChange: 2147... 
sambaPwdCanChange: 1195... 
sambaLMPassword: 1487... 
sambaNTPassword: F81D... 
-> sambaPwdLastSet: 0 
 
When I log on I get the 'you are required to change your password' dialogue. After I change my password I see: 
dn: uid=heupink,ou=users,dc=intech,dc=unu,dc=edu 
sambaPwdMustChange: 2147... 
sambaPwdCanChange: 1195... 
sambaLMPassword: 0213... 
sambaNTPassword: EE9D... 
-> sambaPwdLastSet: 1223... 
Comment 2 David Markey 2008-11-09 19:25:19 UTC
sambaPwdMustChange seems to have been phased out since 3.0.25(ish). Heimdal Samba integration relies on it, but I have submitted patches to hdb-ldap so it doesn't.
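
Added example, not part of the bug thread and not Samba project code: an audit of an LDIF export under the behaviour the comments above report, namely that a password change is required at login only when sambaPwdLastSet is 0 and that sambaPwdMustChange is not consulted. The account names, timestamps, status labels and function names are constructed for illustration.

```python
import base64
# Constructed sample (made-up accounts and timestamps, not from the bug report).
SAMPLE_LDIF = """\
dn: uid=alice,ou=users,dc=example,dc=org
sambaPwdMustChange: 0
sambaPwdLastSet: 1219000000

dn: uid=bob,ou=users,dc=example,dc=org
sambaPwdMustChange: 2147483647
sambaPwdLastSet: 0

dn: uid=carol,ou=users,dc=example,
 dc=org
sambaPwdMustChange: 1215634805
sambaPwdLastSet: 1210000000
"""

def parse_ldif(text):
    """Parse ldapsearch-style LDIF into a list of {attribute: value} dicts."""
    unfolded = text.replace("\n ", "")  # a leading space continues the previous line
    entries = []
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:]).decode("utf-8", "replace")
            entry[attr] = value.strip()
        if "dn" in entry:
            entries.append(entry)
    return entries

def classify(entry, now):
    """Status under the behaviour reported in this bug: only sambaPwdLastSet=0 forces a change."""
    must = int(entry.get("sambaPwdMustChange", -1))
    last = int(entry.get("sambaPwdLastSet", -1))
    if last == 0:
        return "change-forced"   # the value "net sam set pwdmustchangenow" writes
    if must == 0:
        return "flag-ignored"    # admin asked for a change, no prompt at login
    if 0 < must < now:
        return "expiry-ignored"  # recorded expiry has passed, login still works
    return "ok"

def audit(entries, now):
    """Map the DN of every entry that carries sambaPwdMustChange to its status."""
    return {e["dn"]: classify(e, now) for e in entries if "sambaPwdMustChange" in e}
```

Run it over an LDIF export of the user subtree with `now` set to the current Unix time; accounts reported as flag-ignored or expiry-ignored are the ones where the directory says a change is due but, per the comments above, the server will not ask for one.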