Improve badPwdCount, lastLogon and logonCount updates

Andrew Bartlett abartlet at samba.org
Mon Jun 27 08:40:09 UTC 2016 

On Mon, 2016-06-27 at 19:01 +1200, Andrew Bartlett wrote:
> On Mon, 2016-06-27 at 07:25 +0200, Stefan Metzmacher wrote:
> > Hi Andrew,
> > 
> > > > here're some patches to improve the badPwdCount, lastLogon
> > > > and logonCount updates.
> > > > 
> > > > See
> > > > https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/
> > > > he
> > > > ads/
> > > > master4-smart-base
> > > > This is on top of
> > > > https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/
> > > > he
> > > > ads/
> > > > master4-pwdlastset.
> > > > I don't know if it would also apply independently...
> > > > 
> > > > We may need to add some BUG: markers, but you can start the
> > > > review...
> > > 
> > > I've reviewed the bulk of these for pwdLastSet, and have started
> > > an
> > > autobuild with them, except for the code to force specific
> > > replPropertyMetaData values, which both didn't seem to be related
> > > and
> > > broke the repl_move test.
> > 
> > Can you be more specific about that? what did you skip? What did it
> > break?
> 
> Run 'make test TESTS=repl_move'
> 
> The check for expected replPropertyMetaData values in particular.
> 
> > It seems that the repl_move test is flakey, like other related
> > ones.
> 
> That is different, and both Garming and I have posted a patch for
> that
> (the schema reload patch, both the HACK patch and a potential fix). 
>  I
> intend to review Garming's rework of my schema patch tomorrow.
> 
> > 
> > > Thanks for your patience.  I'm continuing my review of the rest
> > > of
> > > msater4-smart-tmp, which seems to be where the lastLogon and
> > > logonCount
> > > patches are.
> > 
> > I reordered the patchsets, while adding the BUG markers.
> > 
> > It's now like this:
> > 
> > master4-pwdlastset => master4-smart-ok => master4-smart-tmp
> >                                        => master4-gpgme
> > 
> > These are all ready from my side.
> 
> Thanks.  Expect some of those to be in autobuild in the next few
> days. 

Can you clarify exactly which tests you have run against what versions
of Windows during these changes?  I'm not having success getting sam.py
to run against my patched Windows 2012R2, nor password_lockout.py, and
I'm not sure if this is a local issue or if the updates (Samba or
windows) have broken something. 

I'm seeing a lot of:

LdbError: (53, 'LDAP error 53 LDAP_UNWILLING_TO_PERFORM -  <00002011:
SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0\n> <>')

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list