[Samba] D flag at sambaAcctFlags
guilhermemtorresbase-lista at yahoo.com.br
guilhermemtorresbase-lista at yahoo.com.br
Thu Nov 17 22:41:41 GMT 2005
Hello Gerald,
after your explanation, I added the attribute
"sambaPwdLastSet" to all my users with a non-zero
value, but I still getting the "D" flag at
sambaAcctFlags.
Do you know which log level I must use in OpenLDAP to
try to see when the server turns on the D flag? I will
copy two ldif´s of my user´s to help you understand
the problem.
This user tryed do logon after I inserted the
sambaPwdLastSet attribute.
---------
# User 1: uid=dlc,ou=Users,dc=grad,dc=br
dn: uid=dlc,ou=Users,dc=grad,dc=br
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: shadowAccount
objectClass: sambaSamAccount
uid: dlc
cn: Diogo Costa
sn: Solari
uidNumber: 287
gidNumber: 127
gecos: Diogo Costa
shadowLastChange: 13012
shadowMax: 99999
shadowWarning: 7
sambaSID:
S-1-5-21-3890934015-1816655379-4264717526-1574
homeDirectory: /export/home/dlc
loginShell: /bin/bash
sambaAcctFlags: [DU ]
sambaLMPassword: B261D7CB831A55D1AAD3B435B51404EE
sambaNTPassword: 3BD3653953CD04F6D0D249CA4B3A9F3D
sambaPwdLastSet: 1132249024
sambaPwdMustChange: 1136137024
userPassword: {SSHA}8HtN9WhAQ491H8GWqrlpwEMw3BNC
----------
----------
This user don´t have some samba attributes yet, but
got the D flag and didn´t try to logon after the
insertion of the sambaPwdLastSet
# User 2: uid=east,ou=Users,dc=grad,dc=br
dn: uid=east,ou=Users,dc=grad,dc=br
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: shadowAccount
objectClass: sambaSamAccount
uid: east
cn: Evandro Souza
sn: Souza
userPassword: {crypt}WP9DoLbxvCRMP
uidNumber: 124
gidNumber: 127
gecos: Evandro Souza
shadowLastChange: 13012
shadowMax: 99999
shadowWarning: 7
sambaSID:
S-1-5-21-3890934015-1816655379-4264717526-1248
homeDirectory: /export/home/east
loginShell: /bin/bash
sambaPwdLastSet: 1130851923
sambaAcctFlags: [DU ]
-----------
Thanks a lot.
--- "Gerald (Jerry) Carter" <jerry at samba.org>
escreveu:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> guilhermemtorresbase-lista at yahoo.com.br wrote:
> > Hello,
> >
> > I have a server with Samba(3.0.13-1.1)/OpenLDAP
> and
> > sometimes my users get a D flag at sambaAcctFlags.
> >
> > There are some users that don´t have all the samba
> > attributes yet.
> >
> > I would like to know why it happens. Which
> > actions/attributes can tell to samba turn de D
> flag
> > on?
>
> Please read the release notes for 3.0.2a. User's
> without
> a valid sambaPwdLastSet time are disabled.
>
>
>
> ******************* Attention! Achtung! Kree!
> *********************
>
> Beginning with Samba 3.0.2, passwords for accounts
> with a last
> change time (LCT-XXX in smbpasswd, sambaPwdLastSet
> attribute in
> ldapsam, etc...) of zero (0) will be regarded as
> uninitialized
> strings. This will cause authentication to fail for
> such
> accounts. If you have valid passwords that meet
> this criteria,
> you must update the last change time to a non-zero
> value. If you
> do not, then 'pdbedit
> --force-initialized-passwords' will disable
> these accounts and reset the password hashes to a
> string of X's.
>
> ******************* Attention! Achtung! Kree!
> *********************
>
>
>
>
>
>
> cheers, jerry
>
=====================================================================
> Alleviating the pain of Windows(tm) -------
> http://www.samba.org
> GnuPG Key -----
> http://www.plainjoe.org/gpg_public.asc
> "There's an anonymous coward in all of us."
> --anonymous
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.0 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird -
> http://enigmail.mozdev.org
>
>
iD8DBQFDegndIR7qMdg1EfYRAhGzAKDCtonsGXYXGLzHVKwYdPe8DvE+awCg3rXQ
> GBfjy7n94sDvrxi0xD/oOzU=
> =mrm4
> -----END PGP SIGNATURE-----
>
_______________________________________________________
Yahoo! Acesso Grátis: Internet rápida e grátis.
Instale o discador agora!
http://br.acesso.yahoo.com/
More information about the samba
mailing list