[Samba] Accounts are getting dsiabled
Andrew Bartlett
abartlet at samba.org
Sun Jul 4 22:30:51 GMT 2004
On Mon, 2004-07-05 at 06:56, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Sat, 3 Jul 2004, Tilo Lutz wrote:
>
> > None of my acounts in ldap have set sambaPwdLastSet, even those acounts
> > which became disabled. If I have understand you right, samba should not
> > disable account if the attribute sambaPwdLastSet is not defined in ldap?
>
> If the attribute is not defined smbd gives it an implicit value of 0.
If that's what caused the issue, then there is a bug (which I'm happy to
look into and fix).
/* only reset a password if the last set time has been
explicitly been set to zero. A default last set time
is ignored */
if ( (pdb_get_init_flags(pass, PDB_PASSLASTSET) != PDB_DEFAULT)
&& (pdb_get_pass_last_set_time(pass) == 0) )
{
The intention of the logic was that if the value was undefined in LDAP,
the flags would be set to PDB_DEFAULT and it would not be treated as
'defined as zero' for this test.
Andrew Bartlett
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040705/e255bfb5/attachment.bin
More information about the samba
mailing list