samba3upgrade migration results, issues, questions
Andrew Bartlett
abartlet at samba.org
Sun May 6 01:25:52 MDT 2012
On Fri, 2012-05-04 at 09:42 +0400, Sergey Urushkin wrote:
>
> 04.05.2012 04:47, Andrew Bartlett написал:
> > On Thu, 2012-05-03 at 17:26 +0400, Sergey Urushkin wrote:
> >> Andrew Bartlett писал 03.05.2012 16:32:
> >>> What was the original account policy?
> >> sambaMaxPwdAge: 2592000
> > This is the fundemental issue, and attached is a proposed patch. The
> > logs you sent me privately contained the critical clue.
> >
> > The problem is, that this is a 7000 year password expiry. As such, it
> > is a little beyond what times we can print with gmtime(), which breaks
> > down for such large dates.
> >
> > I've put in a clamp on returning and processing password expiry past
> > 2038 for now, as we define TIME_T_MAX to that in for other processing.
> >
> > Please let me know if this solves your issue, so I can push it to
> > master, and I thank you very much for your patience.
> >
> > Andrew Bartlett
> This patch may help in some situations, but I believe there is another
> reason for this issue.
> Here is a part of samba.schema for openldap:
>
> # "maximum password age"
> attributetype ( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge'
> DESC 'Maximum password age, in seconds (default: -1 => never
> expire passwords)'
> EQUALITY integerMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
>
> The key words are "in seconds". So, I think the problem is that
> samba3upgrade uses this value as a number of days, but it should be a
> number of seconds.
> Anyway I'll try you patch to test if it helps with a possible situation
> you described.
Thanks, this is why I'm very glad to be working with you on this. Try
this patch instead.
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-s4-s3-upgrade-Max-min-password-age-policy-is-in-seco.patch
Type: text/x-patch
Size: 1540 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20120506/7c3982a9/attachment.bin>
More information about the samba-technical
mailing list