Fix for change password , samba-3.0. 3rc1
Jianliang Lu
j.lu at tiesse.com
Thu Apr 22 16:13:46 GMT 2004
I resubmit this fix for Samba-3.0.3rc1 because it's important for change
password and logon process.
The symptom of the problem is: an user is created with usrmgr and the "must
change password at next logon" was checked, so the user should change his
password at next logon, but if the account policy "minimum password age" is
imposed and the change password is not allowed immediately, the change
password will be failed and he cannot log onto domain.
Another problem is the return NT_STATUS code for "min password age"
violation, it should be "The password on this account cannot be changed at
this time" (NT_STATUS_ACCOUNT_RESTRICTION (0xC0000000 | 0x006e)), and
not "You new password does not meet the minimum length or password
history........" (NT_STATUS_PASSWORD_RESTRICTION (0xC0000000 | 0x006c)).
FIX:
--- smbd/chgpasswd.c.orig Thu Apr 22 10:40:59 2004
+++ smbd/chgpasswd.c Thu Apr 22 10:39:26 2004
@@ -946,10 +946,10 @@
BOOL ret;
uint32 min_len;
- if ((time(NULL) < pdb_get_pass_can_change_time(hnd)) &&
(pdb_get_pass_must_change_
time(hnd) != 0)) {
+ if (time(NULL) < pdb_get_pass_can_change_time(hnd)) {
DEBUG(1, ("user %s cannot change password now, must wait until %s\n",
pdb_get_username(hnd), http_timestring
(pdb_get_pass_can_change_time(hnd)
)));
- return NT_STATUS_ACCOUNT_RESTRICTION;
+ return NT_STATUS_PASSWORD_RESTRICTION;
}
if (account_policy_get(AP_MIN_PASSWORD_LEN, &min_len) && (strlen
(new_passwd) < min
_len)) {
-----------
Jianliang Lu
TieSse s.p.a. Ivrea (To) - Italy
j.lu at tiesse.com luj at libero.it
http://www.tiesse.com
More information about the samba-technical
mailing list