samba-tool user setexpiry is broken in 4.7

Andreas Schneider asn at samba.org
Wed Aug 2 07:12:51 UTC 2017


On Wednesday, 2 August 2017 08:56:11 CEST Andrew Bartlett via samba-technical 
wrote:
> On Wed, 2017-08-02 at 08:27 +0200, Andreas Schneider via samba-
> 
> technical wrote:
> > On Wednesday, 2 August 2017 07:46:40 CEST Andreas Schneider via samba-
> > 
> > technical wrote:
> > > On Tuesday, 1 August 2017 19:14:02 CEST Rowland Penny wrote:
> > > > On Tue, 01 Aug 2017 18:07:52 +0200
> > > > Andreas Schneider via samba-technical
> > > > <samba-technical at lists.samba.org>
> > > > 
> > > > wrote:
> > > > > Hi,
> > > > > 
> > > > > The command 'samba-tool user setexpiry' doesn't work!
> > > > > 
> > > > > Reproducer:
> > > > > 
> > > > > make testenv SELFTEST_TESTENV=ad_member
> > > > > 
> > > > > $ bin/samba-tool user setexpiry alice --days=4 --URL=ldap://
> > > > > localdc.samba.example.com --username=administrator
> > > > > --password=locDCpass1 Expiry for user 'alice' set to 4 days.
> > > > > 
> > > > > $ bin/wbinfo --name-to-sid alice
> > > > > S-1-5-21-1321629873-2603511802-1948877269-1105 SID_USER (1)
> > > > > 
> > > > > $ bin/rpcclient ncacn_np:localdc -UAdministrator%locDCpass1 -c
> > > > > "queryuser 1105"
> > > > > User Name   :   alice
> > > > > ...
> > > > > Password last set Time   :      Tue, 01 Aug 2017 17:50:08 CEST
> > > > > Password must change Time:      Tue, 12 Sep 2017 17:50:08 CEST
> > > > > 
> > > > > 
> > > > > The must change time is 41 days away and not 4 days as set!
> > > > > 
> > > > > 
> > > > > Either the test python/samba/tests/samba_tool/user.py does not work
> > > > > as it should, or there is a bug in the rpc server.
> > > > 
> > > > Hi Andreas, I think you are getting a bit mixed up here, account
> > > > expiry
> > > > has nothing to do with the password.
> > > 
> > > Damn, how do you change the password expiration?
> > 
> > Check the attached patch, that irritated me.
> 
> I'm not sure that is correct.  I think the tool is just horribly
> confused, mixing the different expiry in the same command.
> 
> That option appears to control UF_DONT_EXPIRE_PASSWD, which is per-
> user.
> 
> Sorry,
> 
> Andrew Bartlett

Then I think it should be move to setpassword.


	Andreas


-- 
Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org
www.samba.org



More information about the samba-technical mailing list