[Samba] [Urgent] Cannot make changes via pdbedit

Edmundo Valle Neto edmundo.valle at terra.com.br
Wed Jul 18 00:24:29 GMT 2007

Edmundo Valle Neto escreveu:
> Jason Baker escreveu:
>> I have been having some problems since I updated from Samba 3.0.23 to 
>> 3.0.25b. I have installed the latest version of smbldap-tools but I 
>> am still not able to make certain changes to a user's account. I have 
>> created a new user named JROLFE.
>> After I set up a new user, I will set it so they are required to 
>> change their password when they first login. I usually do this 
>> through LDAP Account Manager.
>> I set User can change password to a date in the past and User must 
>> change password to a date in the past. But for some reason it didn't 
>> work. If I run pdbedit -Lv -u jrolfe, I get:
>>    Password last set:    Mon, 01 Jan 2007 03:00:00 EST
>>    Password can change:  Mon, 08 Jan 2007 03:00:00 EST
>>    Password must change: never
>> If I run ../smbldap-usershow jrolfe, I get:
>>    sambaPwdCanChange: 1183795200
>>    sambaPwdLastSet: 1167638400
>>    sambaPwdMustChange: 1167638400
>> The unix times converted to english are: Sat, 07 Jul 2007 08:00:00 
>> GMT and Mon, 01 Jan 2007 08:00:00 GMT. So you can see that the dates 
>> do not match between pdbedit and smbldap-tools.
>> This is really causing a problem because I am trying to set up a new 
>> user and cannot get his password to expire.
> According the samba documentation:
> sambaPwdLastSet: The integer time in seconds since 1970 when the 
> sambaLMPassword and sambaNTPassword attributes were last set.
> sambaPwdCanChange: Specifies the time (UNIX time format) after which 
> the user is allowed to change his password. If this attribute is not 
> set, the user will be free to change his password whenever he wants.
> sambaPwdMustChange: Specifies the time (UNIX time format) when the 
> user is forced to change his password. If this value is set to 0, the 
> user will have to change his password at first login. If this 
> attribute is not set, then the password will never expire.
> "UNIX time format" (1) means exactly that time measured in seconds 
> since 1970, and your results appears to be coherent with time measured 
> in seconds.
> sambaPwdCanChange: 1183795200
> sambaPwdLastSet: 1167638400
> Your sambaPwdCanChange is 7 days (measured in seconds) beyond 
> sambaPwdLastSet (thats is exactly the same result that pdbedit is 
> showing).
> Passwords can be forced to change using smbldap-tools "smbldap-usermod 
> -B 1 user" too. And as the docs say, users are forced to change their 
> passwords when sambaPwdMustChange is set to 0.
> I don't know how your system used to be, but the docs says how it 
> should behaves.
> 1. http://en.wikipedia.org/wiki/Unix_time
> Regards.
> Edmundo Valle Neto

Sorry, calculating the times seems that one of the results is really 
incorrect, even with Unix time format.

Password last set is correct, the difference is between GMT and EST.
But Password can change isn't.

Do you have any policy set about password changing?


Edmundo Valle Neto

More information about the samba mailing list