[Samba] Samba/Ldap problems with Versions > 3.0.24

Mario Gzuk mariogzuk at technikz.de
Mon Mar 17 10:13:24 GMT 2008 

Hi,
we have a samba/ldap domain. After upgrading to versions greater than
3.0.24, there are problems with the timestamps which are correct set in
the LDAP tree.
Here are 2 examples:
---------------------------------------------------
Example 1: 
Password can change=not empty
LDAP:
sambaPwdLastSet: 1205744729
sambaPwdMustChange: 1307828342
sambaPwdCanChange: 1192276342
sambaKickoffTime: 1228086000

Samba 3.0.24 -> correct:
Logon time:           Tue, 06 Feb 2007 16:07:05 CET
Logoff time:          Tue, 10 Feb 2004 09:18:42 CET
Kickoff time:         Mon, 01 Dec 2008 00:00:00 CET
Password last set:    Mon, 17 Mar 2008 10:05:29 CET
Password can change:  Sat, 13 Oct 2007 13:52:22 CEST
Password must change: Sat, 11 Jun 2011 23:39:02 CEST


Samba >3.0.24 -> incorrect:
Logon time:           Tue, 06 Feb 2007 16:07:05 CET
Logoff time:          Tue, 10 Feb 2004 09:18:42 CET
Kickoff time:         Mon, 01 Dec 2008 00:00:00 CET
Password last set:    Mon, 17 Mar 2008 10:05:29 CET
Password can change:  Mon, 17 Mar 2008 10:05:29 CET
Password must change: Mon, 17 Mar 2008 10:06:59 CET
---------------------------------------------------
Exapmle 2:
Password can change=empty
LDAP:
sambaPwdLastSet: 1205738745
sambaPwdMustChange: 1208781070
sambaKickoffTime: 1230764400
sambaPwdCanChange -> doesnt exist

Samba 3.0.24 -> correct:
Logon time:           Wed, 07 Feb 2007 20:00:12 CET
Logoff time:          Thu, 09 Oct 2003 08:04:28 CEST
Kickoff time:         Thu, 01 Jan 2009 00:00:00 CET
Password last set:    Mon, 17 Mar 2008 08:25:45 CET
Password can change:  0
Password must change: Mon, 21 Apr 2008 14:31:10 CEST

Samba >3.0.24 -> incorrect:
Logon time:           Wed, 07 Feb 2007 20:00:12 CET
Logoff time:          Thu, 09 Oct 2003 08:04:28 CEST
Kickoff time:         Thu, 01 Jan 2009 00:00:00 CET
Password last set:    Mon, 17 Mar 2008 08:25:45 CET
Password can change:  Mon, 17 Mar 2008 08:25:45 CET
Password must change: Mon, 17 Mar 2008 08:27:15 CET
---------------------------------------------------

The time sets for "Password can change:" and "Password must change:" are
incorrect, that leads to that each user has to change his password every
time he want to log in, because the "Password must change" is 1:30
minute later than "Password can change" which is the same value like
"Password last set". So this bug exists since a half year, so I wonder
that no one other than Tomasz Chmielewski has detect this behavior. See
his unanswered messages here:
http://www.nabble.com/Re%
3A-Strange-NT_STATUS_PASSWORD-errors-after-upgrade-to-3.0.26a-td15847364.html


greetings mario

More information about the samba mailing list