[Samba] Accounts are getting disabled

Tilo Lutz TiloLutz at gmx.de
Mon Jul 5 07:01:21 GMT 2004 

> > On Sat, 3 Jul 2004, Tilo Lutz wrote:
> > > None of my acounts in ldap have set sambaPwdLastSet, even those
> > > acounts which became disabled. If I have understand you right,
> > > samba should not disable account if the attribute sambaPwdLastSet
> > > is not defined in ldap?

> On Mon, 2004-07-05 at 06:56, Gerald (Jerry) Carter wrote:
> > If the attribute is not defined smbd gives it an implicit value of 0.

> Andrew Bartlet wrote:
> If that's what caused the issue, then there is a bug (which I'm happy to
> look into and fix).  
> 	
> 	/* only reset a password if the last set time has been 
> 	   explicitly been set to zero.  A default last set time 
> 	   is ignored */
> 
> 	if ( (pdb_get_init_flags(pass, PDB_PASSLASTSET) != PDB_DEFAULT) 
> 		&& (pdb_get_pass_last_set_time(pass) == 0) ) 
> 	{
> 		
> The intention of the logic was that if the value was undefined in LDAP,
> the flags would be set to PDB_DEFAULT and it would not be treated as
> 'defined as zero' for this test.

I take a closer look at my users:
Heres a ldap record (without password hashes) of saturday:
dn: uid=alexander-cristea,ou=kl-1g3,ou=people,dc=wms-hn,dc=de
userPassword:: e0NSWVBUfTE3NnUxQzA0ZDhCbG8=
shadowLastChange: 11947
sambaPwdLastSet: 1
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: person
objectClass: organizationalPerson
objectClass: top
objectClass: sambaSamAccount
cn: alexander-cristea
sn: alexander-cristea
uid: alexander-cristea
homeDirectory: /home/kl-1g3/alexander-cristea
gecos: "kl-1g3"
loginShell: /bin/sh
shadowMin: 1
shadowMax: 99999
shadowWarning: 14
sambaPwdMustChange: 1800000000
gidNumber: 112
sambaPrimaryGroupSID: S-1-5-21-3371203057-3264423045-2392767973-1225
uidNumber: 5248
sambaSID: S-1-5-21-3371203057-3264423045-2392767973-11496
sambaProfilePath: \\WILMA2\profile
sambaAcctFlags: [UX        ]

The same user monday morning:
# alexander-cristea, kl-1g3, people, wms-hn.de
dn: uid=alexander-cristea,ou=kl-1g3,ou=people,dc=wms-hn,dc=de
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: person
objectClass: organizationalPerson
objectClass: top
objectClass: sambaSamAccount
cn: alexander-cristea
sn: alexander-cristea
uid: alexander-cristea
homeDirectory: /home/kl-1g3/alexander-cristea
gecos: "kl-1g3"
loginShell: /bin/sh
shadowMin: 1
shadowMax: 99999
shadowWarning: 14
sambaPwdMustChange: 1800000000
gidNumber: 112
sambaPrimaryGroupSID: S-1-5-21-3371203057-3264423045-2392767973-1225
uidNumber: 5248
sambaSID: S-1-5-21-3371203057-3264423045-2392767973-11496
sambaProfilePath: \\WILMA2\profile
sambaAcctFlags: [DUX        ]

Again there's no logentrie in log.smbd (loglevel 2).
As you can see the account was disabled and sambaPwdLastSet was
removed.

Anything I can do to find the problem? Which loglevel should I
use?

Tilo

More information about the samba mailing list