[Samba] pdbedit problems

Jason Baker jbaker at glastender.com
Thu Jan 11 19:31:29 GMT 2007 

Greetings,
I am running samba-3.0.10-1.4E.9 installed from rpm on CentOS 4.4. I 
have it configured as a PDC. It is using the /passdb backend = tdbsam/ 
backend. I am using /pdbedit/ to make some configuration changes to user 
passwords. I would like to expire a users password, so that they are 
required to change it the next time they log in. From all that I have 
read in on-line resources (including the Samba How To), it says to run 
the following command (this should effect the individual user).

    /pdbedit --pwd-must-change-time="2007-01-01"
    --time-format="%y-%m-%d" test
    /

It however only returns: /
/

    /test:501:Victor Aluicious Laan.
    /

If I enter /pdbedit -Lv/ test, I see the following:

    /[root at ASTER ~]# pdbedit -Lv test/
    /Unix username:        test/
    /NT username:/
    /Account Flags:        [U          ]/
    /User SID:             S-1-5-21-3030426004-1519544323-488087672-2002/
    /Primary Group SID:    S-1-5-21-3030426004-1519544323-488087672-2003/
    /Full Name:            Victor Aluicious Laan/
    /Home Directory:       \\aster\test/
    /HomeDir Drive:        U:/
    /Logon Script:         test.bat/
    /Profile Path:         \\aster\profiles\test/
    /Domain:               GLASTENDERNET/
    /Account desc:/
    /Workstations:/
    /Munged dial:/
    /Logon time:           0/
    /Logoff time:          Mon, 18 Jan 2038 22:14:07 GMT/
    /Kickoff time:         Mon, 18 Jan 2038 22:14:07 GMT/
    /Password last set:    Thu, 11 Jan 2007 12:54:40 GMT/
    /Password can change:  Thu, 11 Jan 2007 12:54:40 GMT/
    /Password must change: Mon, 18 Jan 2038 22:14:07 GMT/
    /Last bad password   : Thu, 11 Jan 2007 12:49:51 GMT/
    /Bad password count  : 2/
    /Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF/

I can run: /pdbedit -r --fullname="Change to Test" test /and it will 
indeed change the Full Name, so I know it is working in some form.

    /[root at ASTER ~]# pdbedit -Lv test/
    /Unix username:        test/
    /NT username:/
    /Account Flags:        [U          ]/
    /User SID:             S-1-5-21-3030426004-1519544323-488087672-2002/
    /Primary Group SID:    S-1-5-21-3030426004-1519544323-488087672-2003/
    /Full Name:            Change to Test/
    /Home Directory:       \\aster\test
    <cut>
    /

I have searched the Samba mailing list archives and have found a few 
other's who have asked this same question, but haven't found any 
resolutions. Is there an easier way to instantly make a samba password 
expired so that a user has to change their password on the next login? I 
know many of you will answer that I should change to LDAP, that may be 
so, but the documentation claims this should work in /tdbsam/ but yet it 
seems to not work. Any advice would be helpful.
-- 

*Jason Baker
*/IT Coordinator/


*Glastender Inc.*
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.4444
www.glastender.com <http://www.glastender.com>

More information about the samba mailing list