[Samba] [Urgent] Cannot make changes via pdbedit
Edmundo Valle Neto
edmundo.valle at terra.com.br
Tue Jul 17 23:40:13 GMT 2007
Jason Baker escreveu:
> I have been having some problems since I updated from Samba 3.0.23 to
> 3.0.25b. I have installed the latest version of smbldap-tools but I am
> still not able to make certain changes to a user's account. I have
> created a new user named JROLFE.
> After I set up a new user, I will set it so they are required to
> change their password when they first login. I usually do this through
> LDAP Account Manager.
> I set User can change password to a date in the past and User must
> change password to a date in the past. But for some reason it didn't
> work. If I run pdbedit -Lv -u jrolfe, I get:
> Password last set: Mon, 01 Jan 2007 03:00:00 EST
> Password can change: Mon, 08 Jan 2007 03:00:00 EST
> Password must change: never
> If I run ../smbldap-usershow jrolfe, I get:
> sambaPwdCanChange: 1183795200
> sambaPwdLastSet: 1167638400
> sambaPwdMustChange: 1167638400
> The unix times converted to english are: Sat, 07 Jul 2007 08:00:00 GMT
> and Mon, 01 Jan 2007 08:00:00 GMT. So you can see that the dates do
> not match between pdbedit and smbldap-tools.
> This is really causing a problem because I am trying to set up a new
> user and cannot get his password to expire.
According the samba documentation:
sambaPwdLastSet: The integer time in seconds since 1970 when the
sambaLMPassword and sambaNTPassword attributes were last set.
sambaPwdCanChange: Specifies the time (UNIX time format) after which the
user is allowed to change his password. If this attribute is not set,
the user will be free to change his password whenever he wants.
sambaPwdMustChange: Specifies the time (UNIX time format) when the user
is forced to change his password. If this value is set to 0, the user
will have to change his password at first login. If this attribute is
not set, then the password will never expire.
"UNIX time format" (1) means exactly that time measured in seconds since
1970, and your results appears to be coherent with time measured in seconds.
Your sambaPwdCanChange is 7 days (measured in seconds) beyond
sambaPwdLastSet (thats is exactly the same result that pdbedit is showing).
Passwords can be forced to change using smbldap-tools "smbldap-usermod
-B 1 user" too. And as the docs say, users are forced to change their
passwords when sambaPwdMustChange is set to 0.
I don't know how your system used to be, but the docs says how it should
Edmundo Valle Neto
More information about the samba