[Samba] passdb.tdb not updated when changing passwords

simo idra at samba.org
Thu Aug 17 14:10:08 GMT 2006


On Thu, 2006-08-17 at 16:02 +0200, Gianluca Cecchi wrote:

[snip]

> but passdb.tdb remains updated at 15.40.
> Where does pdbedit read in this case?

It reads for passdb.tdb, it's a kernel bug that the mtime is not updated
when you change an mmpped file content.

> > > 2) in the example above, the user cannot change today his password.
> > > What can I do to reset this for the user?
> >
> > change the pass can change value, and set it to a time before the
> > present.
> >
> the problem is that the domain policy about 1 day as min pass age is
> applied when password has been changed it seems I cannot change this
> after done..

what about changing the policy? see pdbedit -p to do that.

however pdbedit can change that field with:
pdbedit --pwd-can-change-time=STRING
(eventually using --time-format=STRING for easier date representation)

> the problems is that, basically for package mainteneance and
> interdependency reasons IIRC, when rh starts a new release, such as RH
> EL3, it begins a base release for a package, so that at the beginning
> samba on RH EL 3 was based on 3.0.9. Then when updates comes, all the
> new updated packages are named incrementally but with the same base.
> Now with RH EL 3 update 7 they are at samba-3.0.9-1.3E.7 but actually
> it has many features come after 3.0.9 release and it is difficult to
> trace it down. You can see the changelog for a package with the
> command
> rpm -q --changelog package
> for example with samba you get many lines. Some of them:
> 
> * mar nov 29 2005 Jay Fenlason <fenlason at redhat.com> 0:3.0.9-1.3E.7
> 
> - Remove the -plaintext patch, since it didn't make the CANFIX list for
>   RHEL3-U7
> [snip]
> * lun dic 13 2004 Jay Fenlason <fenlason at redhat.com> 3.0.9-1.3E.1
> 
> - Add patches from Jerry Carter <jerry at samba.org> to close CAN-2004-1154
> - Add post-3.0.9 printing patch from Jerry Carter <jerry at samba.org>
> - Modify the -printing patch to work with the CAN-2004-1154 patch.
> - Disable the non-ascii domain patch because it conflicts with the
>   CAN-2004-1154 patch
> - Add %dir /var/run/winbindd to this spec file.

These are just backported security fixes, non new functionality and
functionality fixes are added, See samba.org for rpm packages if you
want to upgrade.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org



More information about the samba mailing list