Nadezhda Ivanova nivanova at
Fri Jul 2 00:04:16 MDT 2010

Yes, we always restore the original value of minPwdAge.
About the acl change - the test does not pass without it. We will of course
have separate tests force-password-change in acl, in fact I've already done
them, and they confirm it - if a modify is of type add, you need to have
this CAR, otherwise you get insufficient access. Funny how you do not need
it for a delete... Since I am making Samba behave the same way, we will need
this here or make test will be failing...


On Fri, Jul 2, 2010 at 1:03 AM, Andrew Bartlett <abartlet at> wrote:

> On Thu, 2010-07-01 at 15:11 +0300, Nadezhda Ivanova wrote:
> > Hi Matthias,
> > Attached is my proposed patch to reset minPwdAge so no manual resetting
> is
> > needed against windows.
> It's not clear from the context, but is this setup/cleanup pattern so
> that unless something catastrophic happens, we always put the server
> back how we found it?
> > In addition, when I ran the tests using the credentials of "testuser", as
> > they are supposed to run when ACL checks stop failing, one of your
> negative
> > tests returned INSIFFUCIENT_ACCESS instead of the expected
> > UNWILLING_TO_PERFORM, so to make it work as expected I gave that user the
> > necessary access right. So what do you think, can I push it?
> I'm not sure about the ACL change, but we certainly should have some
> tests of the force-password-change right.
> Andrew Bartlett
> --
> Andrew Bartlett                      <>
> Authentication Developer, Samba Team 
> Samba Developer, Cisco Inc.

More information about the samba-technical mailing list