samba-tool user setexpiry is broken in 4.7
Rowland Penny
rpenny at samba.org
Wed Aug 2 06:31:15 UTC 2017
On Wed, 02 Aug 2017 07:46:40 +0200
Andreas Schneider <asn at samba.org> wrote:
> On Tuesday, 1 August 2017 19:14:02 CEST Rowland Penny wrote:
> > On Tue, 01 Aug 2017 18:07:52 +0200
> > Andreas Schneider via samba-technical
> > <samba-technical at lists.samba.org>
> >
> > wrote:
> > > Hi,
> > >
> > > The command 'samba-tool user setexpiry' doesn't work!
> > >
> > > Reproducer:
> > >
> > > make testenv SELFTEST_TESTENV=ad_member
> > >
> > > $ bin/samba-tool user setexpiry alice --days=4 --URL=ldap://
> > > localdc.samba.example.com --username=administrator
> > > --password=locDCpass1 Expiry for user 'alice' set to 4 days.
> > >
> > > $ bin/wbinfo --name-to-sid alice
> > > S-1-5-21-1321629873-2603511802-1948877269-1105 SID_USER (1)
> > >
> > > $ bin/rpcclient ncacn_np:localdc -UAdministrator%locDCpass1 -c
> > > "queryuser 1105"
> > > User Name : alice
> > > ...
> > > Password last set Time : Tue, 01 Aug 2017 17:50:08 CEST
> > > Password must change Time: Tue, 12 Sep 2017 17:50:08 CEST
> > >
> > >
> > > The must change time is 41 days away and not 4 days as set!
> > >
> > >
> > > Either the test python/samba/tests/samba_tool/user.py does not
> > > work as it should, or there is a bug in the rpc server.
> >
> > Hi Andreas, I think you are getting a bit mixed up here, account
> > expiry has nothing to do with the password.
>
> Damn, how do you change the password expiration?
>
I don't think you can do this for an individual user. As far as I am
aware, it is an interaction between the users pwdLastSet attribute and
the domain maxPwdAge attribute.
Rowland
More information about the samba-technical
mailing list