[Samba] passdb.tdb not updated when changing passwords

simo idra at samba.org
Thu Aug 17 14:10:08 GMT 2006

On Thu, 2006-08-17 at 16:02 +0200, Gianluca Cecchi wrote:


> but passdb.tdb remains updated at 15.40.
> Where does pdbedit read in this case?

It reads for passdb.tdb, it's a kernel bug that the mtime is not updated
when you change an mmpped file content.

> > > 2) in the example above, the user cannot change today his password.
> > > What can I do to reset this for the user?
> >
> > change the pass can change value, and set it to a time before the
> > present.
> >
> the problem is that the domain policy about 1 day as min pass age is
> applied when password has been changed it seems I cannot change this
> after done..

what about changing the policy? see pdbedit -p to do that.

however pdbedit can change that field with:
pdbedit --pwd-can-change-time=STRING
(eventually using --time-format=STRING for easier date representation)

> the problems is that, basically for package mainteneance and
> interdependency reasons IIRC, when rh starts a new release, such as RH
> EL3, it begins a base release for a package, so that at the beginning
> samba on RH EL 3 was based on 3.0.9. Then when updates comes, all the
> new updated packages are named incrementally but with the same base.
> Now with RH EL 3 update 7 they are at samba-3.0.9-1.3E.7 but actually
> it has many features come after 3.0.9 release and it is difficult to
> trace it down. You can see the changelog for a package with the
> command
> rpm -q --changelog package
> for example with samba you get many lines. Some of them:
> * mar nov 29 2005 Jay Fenlason <fenlason at redhat.com> 0:3.0.9-1.3E.7
> - Remove the -plaintext patch, since it didn't make the CANFIX list for
>   RHEL3-U7
> [snip]
> * lun dic 13 2004 Jay Fenlason <fenlason at redhat.com> 3.0.9-1.3E.1
> - Add patches from Jerry Carter <jerry at samba.org> to close CAN-2004-1154
> - Add post-3.0.9 printing patch from Jerry Carter <jerry at samba.org>
> - Modify the -printing patch to work with the CAN-2004-1154 patch.
> - Disable the non-ascii domain patch because it conflicts with the
>   CAN-2004-1154 patch
> - Add %dir /var/run/winbindd to this spec file.

These are just backported security fixes, non new functionality and
functionality fixes are added, See samba.org for rpm packages if you
want to upgrade.


Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org

More information about the samba mailing list