[Samba] "ldap passwd sync" and shadow attributes

Eric A. Hall ehall at ehsco.com
Tue Nov 1 03:55:30 GMT 2005


On 10/31/2005 4:41 PM, Andreas wrote:
> On Mon, Oct 31, 2005 at 02:08:01PM -0500, Eric A. Hall wrote:
> 
>>On 10/31/2005 8:36 AM, Andreas wrote:
>>
>>>It seems the "ldap passwd sync" option doesn't set shadowLastChange, am
>>>I right? Without it, unix users could be prompted to change their
>>>password even though they have already done so via windows.
>>
>>This might depend on your package source. SUSE builds set all the shadow
>>stuff, even though I would prefer not using it.
> 
> Is it a patch that SuSE applies to samba? I'm talking about the "ldap
> passwd sync" option in smb.conf(5) and its hability (or not) to change
> shadow attributes.

I just rechecked and am seeing the same thing you are: shadowLastChange
does not get updated.

[ 22:43:31 -- rhino:/mnt/home/root/ ]
[ root# ] ldapsearch -x uid=ijinnius | grep shadowLastChange
shadowLastChange: 13059

[ 22:45:28 -- rhino:/mnt/home/root/ ]
[ root# ] smbpasswd ijinnius
New SMB password:
Retype new SMB password:

[ 22:45:46 -- rhino:/mnt/home/root/ ]
[ root# ] ldapsearch -x uid=ijinnius | grep shadowLastChange
shadowLastChange: 13059
                  ^^^^^ no change

Nor does it create the shadowLastChange attribute if it does not exist.
Actually this has me flummoxed, since I distinctly recollect that
shadowFlag (at the least) was getting set (it annoyed me), but even that
isn't happening anymore.

I also tried with usrmgr.exe and same (non-)results

-- 
Eric A. Hall                                        http://www.ehsco.com/
Internet Core Protocols          http://www.oreilly.com/catalog/coreprot/


More information about the samba mailing list