[Samba] Re: smbldap-tools and sambaPasswordMustChange

Misty Stanley-Jones misty at borkholder.com
Fri Jan 28 14:25:07 GMT 2005


On Thursday 27 January 2005 05:36 pm, news.gmane.org wrote:
> 2147483647 is a unix timestamp (number of seconds since some date in 1970)
> I believe.

Yes, for very far in the future.

I've been trying a few things.  I had OpenLDAP set to use "exop" to update the 
password.  I changed it to "clear".  I also took away the "pam password 
change = yes" in smb.conf because I don't know what it does.  I have "ldap 
password sync = yes" in there, but it looks like the right thing.

If I manually use "smbldap-passwd" to change a user's password, I get the 
following output:

30 82 01 2E 02 01 04 66 82 01 27 04 3D 63 6E 3D 0......f..'.=cn=
4D 69 73 74 79 20 53 74 61 6E 6C 65 79 2D 4A 6F Misty Stanley-Jo
6E 65 73 2C 6F 75 3D 70 65 6F 70 6C 65 2C 6F 75 nes,ou=people,ou
3D 43 4F 52 50 2C 64 63 3D 62 6F 72 6B 68 6F 6C =CORP,dc=mycomp
64 65 72 2C 64 63 3D 63 6F 6D 30 81 E5 30 3A 0A any,dc=com0..0:.
01 02 30 35 04 0F 73 61 6D 62 61 4C 4D 50 61 73 ..05..sambaLMPas
73 77 6F 72 64 31 22 04 20 44 34 36 44 43 37 46 sword1". blahblah
44 46 42 45 46 39 31 43 42 32 35 41 44 33 42 38 blahblahblahblah
33 46 41 36 36 32 37 43 37 30 1C 0A 01 02 30 17 blahblahblahblah.
04 0E 73 61 6D 62 61 41 63 63 74 46 6C 61 67 73 ..sambaAcctFlags
31 05 04 03 5B 55 5D 30 3A 0A 01 02 30 35 04 0F 1...[U]0:...05..
73 61 6D 62 61 4E 54 50 61 73 73 77 6F 72 64 31 sambaNTPassword1
22 04 20 36 34 43 45 42 36 30 37 34 46 45 31 37 ". blahblahblahblah
36 39 41 44 34 34 34 39 35 35 34 33 46 43 33 39 blahblahblahblahblah
42 35 34 30 24 0A 01 02 30 1F 04 0F 73 61 6D 62 bla$...0...samb
61 50 77 64 4C 61 73 74 53 65 74 31 0C 04 0A 31 aPwdLastSet1...1
31 30 36 39 32 31 38 38 31 30 27 0A 01 02 30 22 1069218810'...0"
04 12 73 61 6D 62 61 50 77 64 4D 75 73 74 43 68 ..sambaPwdMustCh
61 6E 67 65 31 0C 04 0A 31 31 31 34 36 39 37 38 ange1...11146978
38 31 __ __ __ __ __ __ __ __ __ __ __ __ __ __ 81

That date translates to Thu Apr 28 09:17:51 2005 which is perfect.  But it is 
not getting put into the LDAP server.

So I am wondering if this might be some OpenLDAP problem.  Will explore 
further.  One thing I am not sure about is why there is a 1 after every 
attribute name: sambaPwdMustChange1 ... might be some debug output thing 
though.

Misty
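
Added example, not part of the original message: a minimal BER reader run over the last change item of the dump above (bytes copied from the page), which is an LDAP ModifyRequest. Each attribute's values are wrapped in a BER SET whose tag byte 0x31 is the ASCII character "1", so a hex viewer prints a "1" right after every attribute name. The function names and the UTC conversion are choices made for this example.

```python
from datetime import datetime, timezone

# Bytes copied from the tail of the dump above: the sambaPwdMustChange change item.
CHANGE = bytes.fromhex(
    "30 27 0A 01 02 30 22 04 12 73 61 6D 62 61 50 77 64 4D 75 73 74 43 68 "
    "61 6E 67 65 31 0C 04 0A 31 31 31 34 36 39 37 38 38 31"
)
OPS = {0: "add", 1: "delete", 2: "replace"}  # ModifyRequest operation codes (RFC 4511)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split a constructed element's contents into (tag, value) pairs."""
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_change(buf):
    """Decode SEQUENCE { operation, SEQUENCE { type, SET OF value } }."""
    tag, body, _ = read_tlv(buf, 0)
    (op_tag, op), (attr_tag, attr) = children(body)
    (type_tag, name), (set_tag, vals) = children(attr)
    if (tag, op_tag, attr_tag, type_tag, set_tag) != (0x30, 0x0A, 0x30, 0x04, 0x31):
        raise ValueError("not an LDAP modify change item")
    return {"op": OPS[op[0]], "attr": name.decode("ascii"),
            "set_tag_as_ascii": chr(set_tag),  # 0x31 prints as "1" in the dump
            "values": [v.decode("ascii") for _, v in children(vals)]}

def as_utc(ts):
    """Interpret a decimal string as seconds since the Unix epoch, in UTC."""
    return datetime.fromtimestamp(int(ts), tz=timezone.utc)

if __name__ == "__main__":
    change = decode_change(CHANGE)
    print(change, as_utc(change["values"][0]).isoformat())
```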


