[Samba] shadowLastChange problem with Samba+OpenLDAP

=?gb2312?B?v9y6rL78?= hanjun.kou at gmail.com
Tue Sep 9 15:39:22 GMT 2008


Dear all,

 

I'm running samba-3.0.28a-1ubuntu4.4/smbldap-tools-0.9.4-1 on Ubuntu Hardy

with the Samba+OpenLDAP setup. I found some problems with password change.

 

With the following settings in smb.conf:

  ldap passwd sync = Yes

  passwd program = /usr/sbin/smbldap-passwd %u

  passwd chat = New password:%n\nRetype new password:%n\n

  unix password sync = no

  ...

 

1. When I change passwords from Windows, everything is fine except the

   shadowLastChange field is never updated when shadowMax is nonzero.

 So the password age feature is not functioning as expected.

2. Later I found shadowLastChange could be updated by smbldap-passwd, so I
changed

   'unix password sync' from no to yes. In this case, change_oem_password()
will

   return NT_STATUS_ACCESS_DENIED when the passwords are actually good.

   I did a little trace and found that smbldap-passwd exited when getting
the

   new password when invoked as 'passwd program' by samba.

 

How can I make shadowLastChange updated correctly? Anybody with any
suggestions?

Thanks!



More information about the samba mailing list