[Samba] "ldap passwd sync" and shadow attributes
Eric A. Hall
ehall at ehsco.com
Tue Nov 1 03:55:30 GMT 2005
On 10/31/2005 4:41 PM, Andreas wrote:
> On Mon, Oct 31, 2005 at 02:08:01PM -0500, Eric A. Hall wrote:
>
>>On 10/31/2005 8:36 AM, Andreas wrote:
>>
>>>It seems the "ldap passwd sync" option doesn't set shadowLastChange, am
>>>I right? Without it, unix users could be prompted to change their
>>>password even though they have already done so via windows.
>>
>>This might depend on your package source. SUSE builds set all the shadow
>>stuff, even though I would prefer not using it.
>
> Is it a patch that SuSE applies to samba? I'm talking about the "ldap
> passwd sync" option in smb.conf(5) and its hability (or not) to change
> shadow attributes.
I just rechecked and am seeing the same thing you are: shadowLastChange
does not get updated.
[ 22:43:31 -- rhino:/mnt/home/root/ ]
[ root# ] ldapsearch -x uid=ijinnius | grep shadowLastChange
shadowLastChange: 13059
[ 22:45:28 -- rhino:/mnt/home/root/ ]
[ root# ] smbpasswd ijinnius
New SMB password:
Retype new SMB password:
[ 22:45:46 -- rhino:/mnt/home/root/ ]
[ root# ] ldapsearch -x uid=ijinnius | grep shadowLastChange
shadowLastChange: 13059
^^^^^ no change
Nor does it create the shadowLastChange attribute if it does not exist.
Actually this has me flummoxed, since I distinctly recollect that
shadowFlag (at the least) was getting set (it annoyed me), but even that
isn't happening anymore.
I also tried with usrmgr.exe and same (non-)results
--
Eric A. Hall http://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
More information about the samba
mailing list