samba3upgrade migration results, issues, questions

Sergey Urushkin urushkin at telros.ru
Mon May 7 06:17:55 MDT 2012 


Andrew Bartlett писал 07.05.2012 14:48:
> On Mon, 2012-05-07 at 19:23 +1000, Andrew Bartlett wrote:
>> On Mon, 2012-05-07 at 13:12 +0400, Sergey Urushkin wrote:
>> >
>> > Andrew Bartlett писал 07.05.2012 02:30:
>> > > On Fri, 2012-05-04 at 15:46 +0400, Sergey Urushkin wrote:
>> > >
>> > >>
>> > >> Backing to the small domain... seems it's not the same bug.
>> > >> There I have max-pwd-age=0, but the problem still exists. Using
>> > >> ldbsearch I found that all accounts "accountExpires" attribute 
>> is
>> > >> set to
>> > >> "116444735990000000" (23:59:59 - 01.01.1970).
>> > >> Setting it to a lager value e.g. "136444735990000000" (2033y) 
>> fixes
>> > >> account. So, I tried to view s3.0 tdb account via s3.6 pdbedit 
>> tool:
>> > >>
>> > >> Unix username:        pc106
>> > >> NT username:
>> > >> Account Flags:        [U          ]
>> > >> User SID:             
>> S-1-5-21-2558268738-2209604249-3907695097-3026
>> > >> Primary Group SID:    (NULL SID)
>> > >> Full Name:            Samba_User &
>> > >> Home Directory:       \\fw\pc106
>> > >> HomeDir Drive:
>> > >> Logon Script:
>> > >> Profile Path:
>> > >> Domain:               DOMAIN
>> > >> Account desc:
>> > >> Workstations:
>> > >> Munged dial:
>> > >> Logon time:           0
>> > >> Logoff time:          9223372036854775807 seconds since the 
>> Epoch
>> > >> Kickoff time:         9223372036854775807 seconds since the 
>> Epoch
>> > >> Password last set:    Fri, 15 Apr 2011 10:17:59 MSK
>> > >> Password can change:  Fri, 15 Apr 2011 10:17:59 MSK
>> > >> Password must change: never
>> > >> Last bad password   : 0
>> > >> Bad password count  : 0
>> > >> Logon hours         : 
>> FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>> > >>
>> > >> As you can see Logoff/Kickoff values are very strange and 
>> 'primary
>> > >> group
>> > >> sid' is null. That's about all users.
>> > >> It is an old-old "magic" samba 3.0.x db provisioned by another
>> > >> person a
>> > >> long time ago on FreeBSD 4.4 :)
>> > >
>> > > Please let me know if this fixes it.
>> > >
>> > The problem still exists.
>> >
>> > s4's pdbedit gives me another data, but it seems to use s4 db not 
>> s3,
>> > so it wouldn't help. May be some another data may help here?
>> >
>> > Also, I have to say that I gave you a wrong suggestion in my 
>> previous
>> > message that this is the same bug.
>> > The small domain problem is that all accounts are imported expired
>> > (accountexpires attr) and the fact they are not asked to change 
>> their
>> > passwords is normal, because accounts has already expired.
>>
>> So, what I need to work out is what the value (at a time_t, integer
>> value since 1970) this is triggering with, so I can fix it.
>>
>> Thinking about this again, I think this patch is what is required.
>> Please let me know.
>
> (corrected patch attached)

Well, seems this issue is also fixed - kinit works fine after patching 
and I can see that astronomic meaningless values in the accountexpires 
attribute. Thank you.
>
>> > The big domain problem I've mentioned in my previous message is 
>> that if
>> > account's password expires (pwdlastset attr), it is not asked to 
>> change
>> > account's password via kinit and this is _not_ normal, because 
>> password
>> > has expired only, not account.
>>
>> I still need to investigate this.
Will hopefully wait for results, please let me know about it.

-- 
Best regards,
Sergey Urushkin

More information about the samba-technical mailing list