[Samba] Accounts are getting dsiabled
Tilo Lutz
TiloLutz at gmx.de
Sat Jul 3 08:47:54 GMT 2004
Hi
> > > TL> I have a problem with samba 3.0.5pre1.
> > > TL> Many of my users are disabled by samba
> > > TL> and I can't find the reason why.
> > > Hmm, not shure, did you look at the eventlog from your win box ??
> > > i had something alike, (before 304) and the win log showed that
> > > the password change was corrupt (was a bug before 304)..
> On Sat, 2004-07-03 at 18:15, Tilo Lutz wrote:
> > The problem is still there with samba 3.0.5pre1.
> > Samba disbales some accounts by setting the AcctFlag to "D".
> > It is also _deleting_ sambaNTPassword and sambaLMPassword in
> > my ldap database!.
> > in log.smbd (loglevel 2) I can only find some messages the
> > password of the disbaled users are wrong, not the password
> > is disabled.
> > I can't find any messages why samba has disbaled the accounts
> > itself.
Andrew Bartlett wrote:
> This is by design. As per the Samba 3.0.2a release notes:
>
> ******************* Attention! Achtung! Kree! *********************
>
> Beginning with Samba 3.0.2, passwords for accounts with a last
> change time (LCT-XXX in smbpasswd, sambaPwdLastSet attribute in
> ldapsam, etc...) of zero (0) will be regarded as uninitialized
> strings. This will cause authentication to fail for such
> accounts. If you have valid passwords that meet this criteria,
> you must update the last change time to a non-zero value. If you
> do not, then 'pdbedit --force-initialized-passwords' will disable
> these accounts and reset the password hashes to a string of X's.
>
> ******************* Attention! Achtung! Kree! *********************
>
> So, either remove the 'last set time' from the record, or make it
> accurate. (Your users did not last set their password in 1970).
None of my acounts in ldap have set sambaPwdLastSet, even those
acounts which became disabled. If I have understand you right,
samba should not disable account if the attribute sambaPwdLastSet
is not defined in ldap?
Tilo
More information about the samba
mailing list