[Samba] pdbedit problems

Felipe Augusto van de Wiel felipe at paranacidade.org.br
Sat Jan 13 00:37:20 GMT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/11/2007 05:31 PM, Jason Baker escreveu:
> Greetings,
> I am running samba-3.0.10-1.4E.9 installed from rpm on 
> CentOS 4.4.

	Just as a side note, you should update your samba, the
3.0.14 and the 3.0.2x series have great improvements and lots
of bugfixes.


> I have it configured as a PDC. It is using the /passdb 
> backend = tdbsam/ backend. I am using /pdbedit/ to make
> some configuration changes to user passwords. I would
> like to expire a users password, so that they are
> required to change it the next time they log in.

	You should set zero to the MustChange field.


> From all that I have read in on-line resources (including 
> the Samba How To), it says to run the following command
> (this should effect the individual user).
> 
>    /pdbedit --pwd-must-change-time="2007-01-01"
>    --time-format="%y-%m-%d" test
>    /

	Instead of doing that, try to just set '0' to the
field, it should require that the user 'test' change the
password on next logon.

	BTW, if I'm not wrong, you should use an uppercase
"y" for year: "%Y-%m-%d".


> It however only returns: /
>    /test:501:Victor Aluicious Laan.
> 
> If I enter /pdbedit -Lv/ test, I see the following:
>    /[root at ASTER ~]# pdbedit -Lv test/
>    /Unix username:        test/
>    /NT username:/
>    /Account Flags:        [U          ]/
>    /User SID:             S-1-5-21-3030426004-1519544323-488087672-2002/
>    /Primary Group SID:    S-1-5-21-3030426004-1519544323-488087672-2003/
>    /Full Name:            Victor Aluicious Laan/
>    /Home Directory:       \\aster\test/
>    /HomeDir Drive:        U:/
>    /Logon Script:         test.bat/
>    /Profile Path:         \\aster\profiles\test/
>    /Domain:               GLASTENDERNET/
>    /Account desc:/
>    /Workstations:/
>    /Munged dial:/
>    /Logon time:           0/
>    /Logoff time:          Mon, 18 Jan 2038 22:14:07 GMT/
>    /Kickoff time:         Mon, 18 Jan 2038 22:14:07 GMT/
>    /Password last set:    Thu, 11 Jan 2007 12:54:40 GMT/
>    /Password can change:  Thu, 11 Jan 2007 12:54:40 GMT/
>    /Password must change: Mon, 18 Jan 2038 22:14:07 GMT/
>    /Last bad password   : Thu, 11 Jan 2007 12:49:51 GMT/
>    /Bad password count  : 2/
>    /Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF/
> 
> I can run: /pdbedit -r --fullname="Change to Test" test /and it will
> indeed change the Full Name, so I know it is working in some form.
> 
>    /[root at ASTER ~]# pdbedit -Lv test/
>    /Unix username:        test/
>    /NT username:/
>    /Account Flags:        [U          ]/
>    /User SID:             S-1-5-21-3030426004-1519544323-488087672-2002/
>    /Primary Group SID:    S-1-5-21-3030426004-1519544323-488087672-2003/
>    /Full Name:            Change to Test/
>    /Home Directory:       \\aster\test
>    <cut>
>    /
> 
> I have searched the Samba mailing list archives and have found a few
> other's who have asked this same question, but haven't found any
> resolutions. Is there an easier way to instantly make a samba password
> expired so that a user has to change their password on the next login? 

	There is always helper tools like Samba Console, SWAT or
the MS Windows usrmgr.


> I know many of you will answer that I should change to LDAP, that may be
> so, but the documentation claims this should work in /tdbsam/ but yet it
> seems to not work. Any advice would be helpful.


	Kind regards,

- --
Felipe Augusto van de Wiel <felipe at paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/           Phone: (+55 41 3350 3300)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQFFqCm/Cj65ZxU4gPQRAiXNAKCgZOMKhhlkpwfYEHOKHnD1j+IFrACdGYBf
4ctcw4yurDTss/FCRiuCz8w=
=Fa3A
-----END PGP SIGNATURE-----


More information about the samba mailing list