samba3upgrade migration results, issues, questions
abartlet at samba.org
Mon May 7 03:23:26 MDT 2012
On Mon, 2012-05-07 at 13:12 +0400, Sergey Urushkin wrote:
> Andrew Bartlett писал 07.05.2012 02:30:
> > On Fri, 2012-05-04 at 15:46 +0400, Sergey Urushkin wrote:
> >> Backing to the small domain... seems it's not the same bug.
> >> There I have max-pwd-age=0, but the problem still exists. Using
> >> ldbsearch I found that all accounts "accountExpires" attribute is
> >> set to
> >> "116444735990000000" (23:59:59 - 01.01.1970).
> >> Setting it to a lager value e.g. "136444735990000000" (2033y) fixes
> >> account. So, I tried to view s3.0 tdb account via s3.6 pdbedit tool:
> >> Unix username: pc106
> >> NT username:
> >> Account Flags: [U ]
> >> User SID: S-1-5-21-2558268738-2209604249-3907695097-3026
> >> Primary Group SID: (NULL SID)
> >> Full Name: Samba_User &
> >> Home Directory: \\fw\pc106
> >> HomeDir Drive:
> >> Logon Script:
> >> Profile Path:
> >> Domain: DOMAIN
> >> Account desc:
> >> Workstations:
> >> Munged dial:
> >> Logon time: 0
> >> Logoff time: 9223372036854775807 seconds since the Epoch
> >> Kickoff time: 9223372036854775807 seconds since the Epoch
> >> Password last set: Fri, 15 Apr 2011 10:17:59 MSK
> >> Password can change: Fri, 15 Apr 2011 10:17:59 MSK
> >> Password must change: never
> >> Last bad password : 0
> >> Bad password count : 0
> >> Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> >> As you can see Logoff/Kickoff values are very strange and 'primary
> >> group
> >> sid' is null. That's about all users.
> >> It is an old-old "magic" samba 3.0.x db provisioned by another
> >> person a
> >> long time ago on FreeBSD 4.4 :)
> > Please let me know if this fixes it.
> The problem still exists.
> s4's pdbedit gives me another data, but it seems to use s4 db not s3,
> so it wouldn't help. May be some another data may help here?
> Also, I have to say that I gave you a wrong suggestion in my previous
> message that this is the same bug.
> The small domain problem is that all accounts are imported expired
> (accountexpires attr) and the fact they are not asked to change their
> passwords is normal, because accounts has already expired.
So, what I need to work out is what the value (at a time_t, integer
value since 1970) this is triggering with, so I can fix it.
Thinking about this again, I think this patch is what is required.
Please let me know.
> The big domain problem I've mentioned in my previous message is that if
> account's password expires (pwdlastset attr), it is not asked to change
> account's password via kinit and this is _not_ normal, because password
> has expired only, not account.
I still need to investigate this.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 797 bytes
Desc: not available
More information about the samba-technical