[Samba] Samba4 pwdLastSet Attribute

Thomas Simmons twsnnva at gmail.com
Wed Feb 20 11:23:28 MST 2013

Hello Matthias & Matthieu,

I have updated the bug report with the following comment:


I have completed some further testing on this issue:

1) I have verified that Windows 2008R2 behaves the same as Windows 2000 (it
only accepts 0 and -1 when using an "LDAP editor"). A value of 0 is
accepted and saved and a value of -1 is saved as the current timestamp.
This appears to happen instantaneously as I save the value as -1, but my
LDAP editor reports back with the current timestamp after the save
operation is completed. It also behaves like W2K in that I cannot change
the value from a timestamp to -1 without first setting the value to 0.
Behavior also matches W2K when using ADUC, in that checking "user must
change..." sets this attribute to 0 and unchecking it sets it to the
current timestamp. When I do the same using ADUC and a Samba4 server,
checking the box sets the value to 0 and unchecking it sets the value to -1.

2) As a normal user, I cannot alter this value via an LDAP Editor in W2K,
W2K8R2 or Samba4.

On Tue, Feb 19, 2013 at 3:18 AM, Matthias Dieter Wallnöfer <mdw at samba.org>wrote:

> I think this is covered by bug #9654: https://bugzilla.samba.org/**
> show_bug.cgi?id=9654 <https://bugzilla.samba.org/show_bug.cgi?id=9654>
> Matthieu Patou schrieb:
>  Ok, sorry I might have mis-understood the problem with the 0 and the -1.
>> Please fill a bug report explicitly speaking about the -1 case that
>> should be handled in a different way.
>> Matthieu.

More information about the samba-technical mailing list