[Samba] [Urgent] Cannot make changes via pdbedit

Edmundo Valle Neto edmundo.valle at terra.com.br
Tue Jul 17 23:40:13 GMT 2007 

Jason Baker escreveu:
> I have been having some problems since I updated from Samba 3.0.23 to 
> 3.0.25b. I have installed the latest version of smbldap-tools but I am 
> still not able to make certain changes to a user's account. I have 
> created a new user named JROLFE.
> After I set up a new user, I will set it so they are required to 
> change their password when they first login. I usually do this through 
> LDAP Account Manager.
> I set User can change password to a date in the past and User must 
> change password to a date in the past. But for some reason it didn't 
> work. If I run pdbedit -Lv -u jrolfe, I get:
>
>    Password last set:    Mon, 01 Jan 2007 03:00:00 EST
>    Password can change:  Mon, 08 Jan 2007 03:00:00 EST
>    Password must change: never
>
> If I run ../smbldap-usershow jrolfe, I get:
>
>    sambaPwdCanChange: 1183795200
>    sambaPwdLastSet: 1167638400
>    sambaPwdMustChange: 1167638400
>
> The unix times converted to english are: Sat, 07 Jul 2007 08:00:00 GMT 
> and Mon, 01 Jan 2007 08:00:00 GMT. So you can see that the dates do 
> not match between pdbedit and smbldap-tools.
> This is really causing a problem because I am trying to set up a new 
> user and cannot get his password to expire.

According the samba documentation:

sambaPwdLastSet: The integer time in seconds since 1970 when the 
sambaLMPassword and sambaNTPassword attributes were last set.

sambaPwdCanChange: Specifies the time (UNIX time format) after which the 
user is allowed to change his password. If this attribute is not set, 
the user will be free to change his password whenever he wants.

sambaPwdMustChange: Specifies the time (UNIX time format) when the user 
is forced to change his password. If this value is set to 0, the user 
will have to change his password at first login. If this attribute is 
not set, then the password will never expire.

"UNIX time format" (1) means exactly that time measured in seconds since 
1970, and your results appears to be coherent with time measured in seconds.

sambaPwdCanChange: 1183795200
sambaPwdLastSet: 1167638400

Your sambaPwdCanChange is 7 days (measured in seconds) beyond 
sambaPwdLastSet (thats is exactly the same result that pdbedit is showing).

Passwords can be forced to change using smbldap-tools "smbldap-usermod 
-B 1 user" too. And as the docs say, users are forced to change their 
passwords when sambaPwdMustChange is set to 0.

I don't know how your system used to be, but the docs says how it should 
behaves.

1. http://en.wikipedia.org/wiki/Unix_time


Regards.

Edmundo Valle Neto

More information about the samba mailing list