[Samba] [Urgent] Cannot make changes via pdbedit

Jason Baker jbaker at glastender.com
Wed Jul 18 12:06:53 GMT 2007

> Do you have any policy set about password changing?
Users are allowed to change their passwords every 7 days.

*Jason Baker
*/IT Coordinator/

*Glastender Inc.*
5400 North Michigan Road
Saginaw, Michigan 48604 USA
Phone: 989.752.4275 ext. 228
Fax: 989.752.4444
www.glastender.com <http://www.glastender.com>

Version: 3.1
GIT$ d- s: a C++$ LU+++$ P+ L++>L++++ !E--- W+++ N o? K?
w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- 
r+++ y+++

Edmundo Valle Neto wrote:
> Edmundo Valle Neto escreveu:
>> Jason Baker escreveu:
>>> I have been having some problems since I updated from Samba 3.0.23 
>>> to 3.0.25b. I have installed the latest version of smbldap-tools but 
>>> I am still not able to make certain changes to a user's account. I 
>>> have created a new user named JROLFE.
>>> After I set up a new user, I will set it so they are required to 
>>> change their password when they first login. I usually do this 
>>> through LDAP Account Manager.
>>> I set User can change password to a date in the past and User must 
>>> change password to a date in the past. But for some reason it didn't 
>>> work. If I run pdbedit -Lv -u jrolfe, I get:
>>>    Password last set:    Mon, 01 Jan 2007 03:00:00 EST
>>>    Password can change:  Mon, 08 Jan 2007 03:00:00 EST
>>>    Password must change: never
>>> If I run ../smbldap-usershow jrolfe, I get:
>>>    sambaPwdCanChange: 1183795200
>>>    sambaPwdLastSet: 1167638400
>>>    sambaPwdMustChange: 1167638400
>>> The unix times converted to english are: Sat, 07 Jul 2007 08:00:00 
>>> GMT and Mon, 01 Jan 2007 08:00:00 GMT. So you can see that the dates 
>>> do not match between pdbedit and smbldap-tools.
>>> This is really causing a problem because I am trying to set up a new 
>>> user and cannot get his password to expire.
>> According the samba documentation:
>> sambaPwdLastSet: The integer time in seconds since 1970 when the 
>> sambaLMPassword and sambaNTPassword attributes were last set.
>> sambaPwdCanChange: Specifies the time (UNIX time format) after which 
>> the user is allowed to change his password. If this attribute is not 
>> set, the user will be free to change his password whenever he wants.
>> sambaPwdMustChange: Specifies the time (UNIX time format) when the 
>> user is forced to change his password. If this value is set to 0, the 
>> user will have to change his password at first login. If this 
>> attribute is not set, then the password will never expire.
>> "UNIX time format" (1) means exactly that time measured in seconds 
>> since 1970, and your results appears to be coherent with time 
>> measured in seconds.
>> sambaPwdCanChange: 1183795200
>> sambaPwdLastSet: 1167638400
>> Your sambaPwdCanChange is 7 days (measured in seconds) beyond 
>> sambaPwdLastSet (thats is exactly the same result that pdbedit is 
>> showing).
>> Passwords can be forced to change using smbldap-tools 
>> "smbldap-usermod -B 1 user" too. And as the docs say, users are 
>> forced to change their passwords when sambaPwdMustChange is set to 0.
>> I don't know how your system used to be, but the docs says how it 
>> should behaves.
>> 1. http://en.wikipedia.org/wiki/Unix_time
>> Regards.
>> Edmundo Valle Neto
> Sorry, calculating the times seems that one of the results is really 
> incorrect, even with Unix time format.
> Password last set is correct, the difference is between GMT and EST.
> But Password can change isn't.
> Do you have any policy set about password changing?
> Regards.
> Edmundo Valle Neto

More information about the samba mailing list