Improve badPwdCount, lastLogon and logonCount updates

Stefan Metzmacher metze at
Mon Jun 27 11:50:09 UTC 2016

Hi Andrew,

>>>>> here're some patches to improve the badPwdCount, lastLogon
>>>>> and logonCount updates.
>>>>> See
>>>>> he
>>>>> ads/
>>>>> master4-smart-base
>>>>> This is on top of
>>>>> he
>>>>> ads/
>>>>> master4-pwdlastset.
>>>>> I don't know if it would also apply independently...
>>>>> We may need to add some BUG: markers, but you can start the
>>>>> review...
>>>> I've reviewed the bulk of these for pwdLastSet, and have started
>>>> an
>>>> autobuild with them, except for the code to force specific
>>>> replPropertyMetaData values, which both didn't seem to be related
>>>> and
>>>> broke the repl_move test.
>>> Can you be more specific about that? what did you skip? What did it
>>> break?
>> Run 'make test TESTS=repl_move'
>> The check for expected replPropertyMetaData values in particular.
>>> It seems that the repl_move test is flakey, like other related
>>> ones.
>> That is different, and both Garming and I have posted a patch for
>> that
>> (the schema reload patch, both the HACK patch and a potential fix). 
>>  I
>> intend to review Garming's rework of my schema patch tomorrow.
>>>> Thanks for your patience.  I'm continuing my review of the rest
>>>> of
>>>> msater4-smart-tmp, which seems to be where the lastLogon and
>>>> logonCount
>>>> patches are.
>>> I reordered the patchsets, while adding the BUG markers.
>>> It's now like this:
>>> master4-pwdlastset => master4-smart-ok => master4-smart-tmp
>>>                                        => master4-gpgme
>>> These are all ready from my side.
>> Thanks.  Expect some of those to be in autobuild in the next few
>> days. 
> Can you clarify exactly which tests you have run against what versions
> of Windows during these changes?  I'm not having success getting
> to run against my patched Windows 2012R2, nor, and
> I'm not sure if this is a local issue or if the updates (Samba or
> windows) have broken something. 
> I'm seeing a lot of:
> LdbError: (53, 'LDAP error 53 LDAP_UNWILLING_TO_PERFORM -  <00002011:
> SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0\n> <>')

I also had this a lot, the thing is that minPwdLength not "0".
But this is also a problem with a lot of the existing tests, that's
why I didn't dare to chance it for all tests.

When I set minPwdLength = 0 on the server and install all updates on

With that the following works for me:

source4/dsdb/tests/python/ w2012r2-188.w2012r2-l6.base
-Uadministrator%A1b2C3d4 -W W2012R2-L6 --realm w2012r2-l6.base

w2012r2-188.w2012r2-l6.base -Uadministrator%A1b2C3d4 -W W2012R2-L6
--realm w2012r2-l6.base

w2012r2-188.w2012r2-l6.base -Uadministrator%A1b2C3d4 -W W2012R2-L6
--realm w2012r2-l6.base


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the samba-technical mailing list