[Samba] [Urgent] Cannot make changes via pdbedit

Jason Baker jbaker at glastender.com
Wed Jul 18 13:36:29 GMT 2007


Also, if I run the command:
pdbedit --pwd-must-change-time="2007-07-14" --time-format="%Y-%m-%d" jrolfe
It doesn't have any effect. I run pdbedit -Lv -u jrolfe and get:

<-------cut-------->
Logoff time:          never
Kickoff time:         Tue, 31 Dec 2030 08:00:00 EST
Password last set:    Mon, 01 Jan 2007 03:00:00 EST
Password can change:  Mon, 01 Jan 2007 03:00:00 EST
Password must change: never

So for some reason pdbedit is not affecting the user's LDAP data, but if 
I use smbldap-tools, the changes show up, but they don't work when I try 
to log in under Windows XP.

Jason Baker
IT Coordinator

Glastender Inc.
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.4444
www.glastender.com




Edmundo Valle Neto wrote:
> Edmundo Valle Neto wrote:
>> Jason Baker wrote:
>>> I have been having some problems since I updated from Samba 3.0.23 
>>> to 3.0.25b. I have installed the latest version of smbldap-tools but 
>>> I am still not able to make certain changes to a user's account. I 
>>> have created a new user named JROLFE.
>>> After I set up a new user, I will set it so they are required to 
>>> change their password when they first login. I usually do this 
>>> through LDAP Account Manager.
>>> I set User can change password to a date in the past and User must 
>>> change password to a date in the past. But for some reason it didn't 
>>> work. If I run pdbedit -Lv -u jrolfe, I get:
>>>
>>>    Password last set:    Mon, 01 Jan 2007 03:00:00 EST
>>>    Password can change:  Mon, 08 Jan 2007 03:00:00 EST
>>>    Password must change: never
>>>
>>> If I run ../smbldap-usershow jrolfe, I get:
>>>
>>>    sambaPwdCanChange: 1183795200
>>>    sambaPwdLastSet: 1167638400
>>>    sambaPwdMustChange: 1167638400
>>>
>>> The Unix times converted to English are: Sat, 07 Jul 2007 08:00:00 
>>> GMT and Mon, 01 Jan 2007 08:00:00 GMT. So you can see that the dates 
>>> do not match between pdbedit and smbldap-tools.
>>> This is really causing a problem because I am trying to set up a new 
>>> user and cannot get his password to expire.
>>
>> According to the Samba documentation:
>>
>> sambaPwdLastSet: The integer time in seconds since 1970 when the 
>> sambaLMPassword and sambaNTPassword attributes were last set.
>>
>> sambaPwdCanChange: Specifies the time (UNIX time format) after which 
>> the user is allowed to change his password. If this attribute is not 
>> set, the user will be free to change his password whenever he wants.
>>
>> sambaPwdMustChange: Specifies the time (UNIX time format) when the 
>> user is forced to change his password. If this value is set to 0, the 
>> user will have to change his password at first login. If this 
>> attribute is not set, then the password will never expire.
>>
>> "UNIX time format" (1) means exactly that time measured in seconds 
>> since 1970, and your results appear to be coherent with time 
>> measured in seconds.
>>
>> sambaPwdCanChange: 1183795200
>> sambaPwdLastSet: 1167638400
>>
>> Your sambaPwdCanChange is 7 days (measured in seconds) beyond 
>> sambaPwdLastSet (that is exactly the same result that pdbedit is 
>> showing).
>>
>> Passwords can be forced to change using smbldap-tools 
>> "smbldap-usermod -B 1 user" too. And as the docs say, users are 
>> forced to change their passwords when sambaPwdMustChange is set to 0.
>>
>> I don't know how your system used to be, but the docs say how it 
>> should behave.
>>
>> 1. http://en.wikipedia.org/wiki/Unix_time
>>
>>
>> Regards.
>>
>> Edmundo Valle Neto
>
> Sorry, calculating the times, it seems that one of the results is really 
> incorrect, even with Unix time format.
>
> Password last set is correct, the difference is between GMT and EST.
> But Password can change isn't.
>
> Do you have any policy set about password changing?
>
> Regards.
>
> Edmundo Valle Neto
>
>
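
Added example, not part of the original thread and not code from Samba or smbldap-tools: a Python helper that decodes the three sambaPwd* values from the smbldap-usershow output above and applies the sambaPwdMustChange rules quoted from the Samba documentation. The function names and the "now" value are hypothetical, and treating a past timestamp as "change required" is an assumption labelled in the code.

```python
from datetime import datetime, timezone, timedelta

# Fixed UTC-5 offset, matching the "EST" shown in the pdbedit output in the thread.
EST = timezone(timedelta(hours=-5), "EST")

def fmt(epoch, tz=timezone.utc):
    """Render a Unix timestamp in the date layout pdbedit -Lv uses."""
    return datetime.fromtimestamp(int(epoch), tz).strftime("%a, %d %b %Y %H:%M:%S %Z")

def must_change_state(entry, now):
    """Apply the sambaPwdMustChange rules quoted from the Samba documentation."""
    raw = entry.get("sambaPwdMustChange")
    if raw is None:
        return "never expires (attribute not set)"
    value = int(raw)
    if value == 0:
        return "must change at first login"
    if value <= now:
        # Assumption: a time already in the past means the change is due now.
        return "change required since " + fmt(value)
    return "change required from " + fmt(value)

def can_change_offset_days(entry):
    """Days between sambaPwdLastSet and sambaPwdCanChange."""
    return (int(entry["sambaPwdCanChange"]) - int(entry["sambaPwdLastSet"])) / 86400

# Values copied from the smbldap-usershow output in the thread.
JROLFE = {
    "sambaPwdCanChange": "1183795200",
    "sambaPwdLastSet": "1167638400",
    "sambaPwdMustChange": "1167638400",
}
# Constructed "now": the timestamp of the message above.
NOW = int(datetime(2007, 7, 18, 13, 36, 29, tzinfo=timezone.utc).timestamp())

if __name__ == "__main__":
    for attr, value in sorted(JROLFE.items()):
        print(f"{attr}: {value} = {fmt(value)} = {fmt(value, EST)}")
    print("can-change offset (days):", can_change_offset_days(JROLFE))
    print("must-change state:", must_change_state(JROLFE, NOW))
    unset = {k: v for k, v in JROLFE.items() if k != "sambaPwdMustChange"}
    print("attribute removed:", must_change_state(unset, NOW))
    print("set to 0:", must_change_state({**JROLFE, "sambaPwdMustChange": "0"}, NOW))
```

Comparing the decoded LDAP values with the `pdbedit -Lv` lines for the same account shows which attributes the two tools disagree on.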

