[Samba] [Urgent] Cannot make changes via pdbedit
Jason Baker
jbaker at glastender.com
Wed Jul 18 13:36:29 GMT 2007
Also, If I run the command:
pdbedit --pwd-must-change-time="2007-07-14" --time-format="%Y-%m-%d" jrolfe
It doesn't have any effect. I run pdbedit -Lv -u jrolfe and get:
<-------cut-------->
Logoff time: never
Kickoff time: Tue, 31 Dec 2030 08:00:00 EST
Password last set: Mon, 01 Jan 2007 03:00:00 EST
Password can change: Mon, 01 Jan 2007 03:00:00 EST
Password must change: never
So for some reason pdbedit is not effecting the users LDAP data, but if
I use smbldap-tools, the changes show up, but they don't work when I try
to log in under windows xp.
*Jason Baker
*/IT Coordinator/
*Glastender Inc.*
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.4444
www.glastender.com <http://www.glastender.com>
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GIT$ d- s: a C++$ LU+++$ P+ L++>L++++ !E--- W+++ N o? K?
w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h---
r+++ y+++
------END GEEK CODE BLOCK------
Edmundo Valle Neto wrote:
> Edmundo Valle Neto escreveu:
>> Jason Baker escreveu:
>>> I have been having some problems since I updated from Samba 3.0.23
>>> to 3.0.25b. I have installed the latest version of smbldap-tools but
>>> I am still not able to make certain changes to a user's account. I
>>> have created a new user named JROLFE.
>>> After I set up a new user, I will set it so they are required to
>>> change their password when they first login. I usually do this
>>> through LDAP Account Manager.
>>> I set User can change password to a date in the past and User must
>>> change password to a date in the past. But for some reason it didn't
>>> work. If I run pdbedit -Lv -u jrolfe, I get:
>>>
>>> Password last set: Mon, 01 Jan 2007 03:00:00 EST
>>> Password can change: Mon, 08 Jan 2007 03:00:00 EST
>>> Password must change: never
>>>
>>> If I run ../smbldap-usershow jrolfe, I get:
>>>
>>> sambaPwdCanChange: 1183795200
>>> sambaPwdLastSet: 1167638400
>>> sambaPwdMustChange: 1167638400
>>>
>>> The unix times converted to english are: Sat, 07 Jul 2007 08:00:00
>>> GMT and Mon, 01 Jan 2007 08:00:00 GMT. So you can see that the dates
>>> do not match between pdbedit and smbldap-tools.
>>> This is really causing a problem because I am trying to set up a new
>>> user and cannot get his password to expire.
>>
>> According the samba documentation:
>>
>> sambaPwdLastSet: The integer time in seconds since 1970 when the
>> sambaLMPassword and sambaNTPassword attributes were last set.
>>
>> sambaPwdCanChange: Specifies the time (UNIX time format) after which
>> the user is allowed to change his password. If this attribute is not
>> set, the user will be free to change his password whenever he wants.
>>
>> sambaPwdMustChange: Specifies the time (UNIX time format) when the
>> user is forced to change his password. If this value is set to 0, the
>> user will have to change his password at first login. If this
>> attribute is not set, then the password will never expire.
>>
>> "UNIX time format" (1) means exactly that time measured in seconds
>> since 1970, and your results appears to be coherent with time
>> measured in seconds.
>>
>> sambaPwdCanChange: 1183795200
>> sambaPwdLastSet: 1167638400
>>
>> Your sambaPwdCanChange is 7 days (measured in seconds) beyond
>> sambaPwdLastSet (thats is exactly the same result that pdbedit is
>> showing).
>>
>> Passwords can be forced to change using smbldap-tools
>> "smbldap-usermod -B 1 user" too. And as the docs say, users are
>> forced to change their passwords when sambaPwdMustChange is set to 0.
>>
>> I don't know how your system used to be, but the docs says how it
>> should behaves.
>>
>> 1. http://en.wikipedia.org/wiki/Unix_time
>>
>>
>> Regards.
>>
>> Edmundo Valle Neto
>
> Sorry, calculating the times seems that one of the results is really
> incorrect, even with Unix time format.
>
> Password last set is correct, the difference is between GMT and EST.
> But Password can change isn't.
>
> Do you have any policy set about password changing?
>
> Regards.
>
> Edmundo Valle Neto
>
>
More information about the samba
mailing list