[Samba] Strange behaviour of samba-3.0.2rc2

Andrew Bartlett abartlet at samba.org
Tue Feb 10 07:42:34 GMT 2004

On Tue, 2004-02-10 at 02:42, Nishant Sharma wrote:
> Hi!

> On comparing the LDAP attributes of the users whose passwd I had reset and
> of those I didn't, I observed that when the value of the following
> three attributes are set to '0'(zero) for a user, he was not able to
> login:
> sambaPwdLastSet
> sambaPwdCanChange
> sambaPwdMustChange
> In Samba-3.0.0-2, if these values were set to 0, the user was prompted to
> change his password at the time of first logon saying that his password
> has expired. But with Samba-3.0.2rc2, login was not possible. Only on
> removing these three attributes or resetting their values, which is done
> by 'smbpasswd', logins were possible.
> It would be helpful if someone could enlighten me on this issue. Thanks in
> advance.

Quite correct.  If the password was last set in 1970, then we consider
that it might be a bogus password (see the security annoucement about
mksmbpasswd.sh for 3.0.2).

Either do not set that attribute, or set it to a valid value.

(The other values are unaffected).

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040210/8cb4e6d1/attachment.bin

More information about the samba mailing list