[Samba] Strange NT_STATUS_PASSWORD errors after upgrade to 3.0.26a
Duncan Brannen
dbb at st-andrews.ac.uk
Fri Nov 16 10:33:06 GMT 2007
Setting the User Account Flags to [UX] on the LDAP server allows the
user to log in,
Previous to this pdbedit was reporting 'Password must change: 0' should
that have been -1?
Any way to get back to what seemed to be default behaviour prior to 3.0.25 ?
Cheers,
Duncan
Duncan Brannen wrote:
>
> Thanks John,
> Setting this to 0 (Zero) or not having it present seems to
> work with 3.0.23c but with
> 3.0.26a I still get the NT_STATUS_PASSWORD_MUST_CHANGE error.
>
> Looking at the code the log points to (auth/auth_sam.c) line 172
> There is a change
> between 23c and 26a which may or may not point to the answer. It
> doesn't look
> obvious to me.
>
>
> 3.0.26a
>> if (!(pdb_get_acct_ctrl(sampass) & ACB_PWNOEXP) &&
>> !(pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ)) {
>> time_t must_change_time =
>> pdb_get_pass_must_change_time(sampass);
>> time_t last_set_time =
>> pdb_get_pass_last_set_time(sampass);
>>
>> /* check for immediate expiry "must change at next
>> logon" */
>> if (last_set_time == 0) {
>> DEBUG(1,("sam_account_ok: Account for user
>> '%s' password must change!.\n", pdb_get_username(sampass)));
>> return NT_STATUS_PASSWORD_MUST_CHANGE;
>> }
>> # diff samba-3.0.26a/source/auth/auth_sam.c
>> samba-3.0.23c/source/auth/auth_sam.c
>> 166c166
>> < if (!(pdb_get_acct_ctrl(sampass) & ACB_PWNOEXP) &&
>> !(pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ)) {
>> ---
>> > if (!(pdb_get_acct_ctrl(sampass) & ACB_PWNOEXP)) {
>> 171c171
>> < if (last_set_time == 0) {
>> ---
>> > if (must_change_time == 0 && last_set_time != 0) {
>
> Cheers,
> Duncan
>
More information about the samba
mailing list