Function NetUserGetInfo ignoring SambaMaxPwdAge when called in level 3?

Jörn Frenzel jf at
Tue Jun 22 05:32:54 MDT 2010

Dear all,

we have a strange behavior using Samba (Verson 3.5.2) as PDC with Open LDAP 
(Version 2.1.22) as backend and an old Novell-Client (version: 4.91 SP5) 
running on WinXP (SP3 and higher). The old PDC (Version 3.0.28) was running 
over years with the same
LDAP-Server as backend and with Novell installed on the clients.

We decided to migrate to Samba 3.5.2 , updated all the LDAP schemas 
according to Samba Version 3.5.2, setup an new 64Bit Ubuntu (10.4) and 
build the new Samba. Everything worked fine and the testclient (without 
Novell) could login without any trouble. But if i try to login on a 
Novell-Client (using nwgina.dll instead of msgina.dll), i'm forced to set a 
new password and this is what we don't want.

Users LDAP-Values for "sambaPwdMustChange" are quite old, but the 
LDAP-Value "sambaMaxPwdAge" for the object "sambaDomain" itself is set to 
"-1". As far as i understand, this should ever cover the 
"old-passwords-problem" and in indeed msgina.dll does not claim about old pwds.

As my colleague figured out msgina uses the function "NetUserGetInfo" in 
level 2, but nwgina calls this function in level 3.


So, the question is: Why is samba 3.5.2 ignoring "sambaMaxPwdAge = -1" when 
NetUserGetInfo is called in Level 3?

In the case, no one knows the answer to my question exactly, it also could 
be helpfull for us to know the name of the sourcefile and the linenumber 
where NetUserGetInfo is finally returning.  We looked around in the code, 
but it was too confusing for us.

Any help would be appreciated.



More information about the samba-technical mailing list