[PATCH] Fix pwdLastSet behaviour in regards to Windows

Stefan Metzmacher metze at samba.org
Mon Jan 18 07:33:26 UTC 2016

Hi Adrian,

Am 17.01.2016 um 22:00 schrieb adrianc at catalyst.net.nz:
> Here's a patch for fixing https://bugzilla.samba.org/show_bug.cgi?id=9654

The password_hash module is handling some parts of the pwdLastSet already.

I think it's also the place where we should handle the "0" and "-1" handling
and we should completely match windows here and doesn't allow any other

For internal callers, e.g the SAMR server we may need a control in order to
bypass the restriction. Where did you see problems with your patch
during provision?
In general I'd say provision should not set pwdLastSet, but we can check
LDB_CONTROL_PROVISION_OID. We also seem to have

I already started with a patch a while ago, see:


But I don't remember what the remaining problems where.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160118/d6a4ad5a/signature.sig>

More information about the samba-technical mailing list