[Samba] passdb.tdb not updated when changing passwords

simo idra at samba.org
Thu Aug 17 13:32:21 GMT 2006 

On Thu, 2006-08-17 at 15:24 +0200, Gianluca Cecchi wrote:
> I'm using samba on CentOS 3.7 (3.0.9 + rh patches)
> I had smbpasswd as backend and I'm testing migration to tdbsam.
> After exporting successfully to tdbsam and setting
> passdb backend = tdbsam
> in smb.conf
> if I change from inside a windows xp machine the password ot the user and then
> pdbedit-Lv user
> I get
> Logon time:           0
> Logoff time:          ven, 13 dic 1901 21:45:51 GMT
> Kickoff time:         ven, 13 dic 1901 21:45:51 GMT
> Password last set:    gio, 17 ago 2006 14:59:18 GMT
> Password can change:  ven, 18 ago 2006 14:59:18 GMT
> Password must change: lun, 16 ott 2006 14:59:18 GMT
> Last bad password   : 0
> Bad password count  : 0
> Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> 
> Questions:
> 1) it seems passdb.tdb is read but not written based on its timestamp
> Shouldn't it be modified with the new encrypted password? the same
> happens if for example I change full name of a user...
> Where are otherwise written these informations

some kernels have a bug that will prevent them from correctly updating
the mtime when mmpped files are changed and tdb usually is mmapped.

> 2) in the example above, the user cannot change today his password.
> What can I do to reset this for the user?

change the pass can change value, and set it to a time before the
present.

> 3) It seems that no --pwd-must-change-time option is working in my environment.
> Was this a late introducted feature?

3.0.9 is quite old, I would update anyway, later versions have more
options.

> 4) Does it exist for latest releases also the opportunity to change
> the "Password can change" date? something like --pwd-can-change-time
> option?

IIRC yes.

> Thanks in advance for your help
> Gianluca

Prego.

> PS: please tell me if any question regarding customized version of
> samba, such as RH, is automatically ignored by the gurus... this would
> be in some way acceptable but knowing it would at least save time for
> me.

It's not, but 3.0.9 is way too old, we recommend running the latest
samba versions for all the bugfixes and windows compatibility fixes we
introduce at each release.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org

More information about the samba mailing list