samba3upgrade migration results, issues, questions
Sergey Urushkin
urushkin at telros.ru
Thu May 3 23:42:53 MDT 2012
04.05.2012 04:47, Andrew Bartlett написал:
> On Thu, 2012-05-03 at 17:26 +0400, Sergey Urushkin wrote:
>> Andrew Bartlett писал 03.05.2012 16:32:
>>> What was the original account policy?
>> sambaMaxPwdAge: 2592000
> This is the fundemental issue, and attached is a proposed patch. The
> logs you sent me privately contained the critical clue.
>
> The problem is, that this is a 7000 year password expiry. As such, it
> is a little beyond what times we can print with gmtime(), which breaks
> down for such large dates.
>
> I've put in a clamp on returning and processing password expiry past
> 2038 for now, as we define TIME_T_MAX to that in for other processing.
>
> Please let me know if this solves your issue, so I can push it to
> master, and I thank you very much for your patience.
>
> Andrew Bartlett
This patch may help in some situations, but I believe there is another
reason for this issue.
Here is a part of samba.schema for openldap:
# "maximum password age"
attributetype ( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge'
DESC 'Maximum password age, in seconds (default: -1 => never
expire passwords)'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
The key words are "in seconds". So, I think the problem is that
samba3upgrade uses this value as a number of days, but it should be a
number of seconds.
Anyway I'll try you patch to test if it helps with a possible situation
you described.
Thanks.
--
Best regards,
Sergey Urushkin
More information about the samba-technical
mailing list