samba-tool user setexpiry is broken in 4.7

Andrew Bartlett abartlet at samba.org
Wed Aug 2 06:56:11 UTC 2017 

On Wed, 2017-08-02 at 08:27 +0200, Andreas Schneider via samba-
technical wrote:
> On Wednesday, 2 August 2017 07:46:40 CEST Andreas Schneider via samba-
> technical wrote:
> > On Tuesday, 1 August 2017 19:14:02 CEST Rowland Penny wrote:
> > > On Tue, 01 Aug 2017 18:07:52 +0200
> > > Andreas Schneider via samba-technical <samba-technical at lists.samba.org>
> > > 
> > > wrote:
> > > > Hi,
> > > > 
> > > > The command 'samba-tool user setexpiry' doesn't work!
> > > > 
> > > > Reproducer:
> > > > 
> > > > make testenv SELFTEST_TESTENV=ad_member
> > > > 
> > > > $ bin/samba-tool user setexpiry alice --days=4 --URL=ldap://
> > > > localdc.samba.example.com --username=administrator
> > > > --password=locDCpass1 Expiry for user 'alice' set to 4 days.
> > > > 
> > > > $ bin/wbinfo --name-to-sid alice
> > > > S-1-5-21-1321629873-2603511802-1948877269-1105 SID_USER (1)
> > > > 
> > > > $ bin/rpcclient ncacn_np:localdc -UAdministrator%locDCpass1 -c
> > > > "queryuser 1105"
> > > > User Name   :   alice
> > > > ...
> > > > Password last set Time   :      Tue, 01 Aug 2017 17:50:08 CEST
> > > > Password must change Time:      Tue, 12 Sep 2017 17:50:08 CEST
> > > > 
> > > > 
> > > > The must change time is 41 days away and not 4 days as set!
> > > > 
> > > > 
> > > > Either the test python/samba/tests/samba_tool/user.py does not work
> > > > as it should, or there is a bug in the rpc server.
> > > 
> > > Hi Andreas, I think you are getting a bit mixed up here, account expiry
> > > has nothing to do with the password.
> > 
> > Damn, how do you change the password expiration?
> 
> Check the attached patch, that irritated me.

I'm not sure that is correct.  I think the tool is just horribly
confused, mixing the different expiry in the same command. 

That option appears to control UF_DONT_EXPIRE_PASSWD, which is per-
user. 

Sorry,

Andrew Bartlett
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list