[Samba] shadowLastChange problem with Samba+OpenLDAP
hanjun.kou at gmail.com
Tue Sep 9 15:39:22 GMT 2008
I'm running samba-3.0.28a-1ubuntu4.4/smbldap-tools-0.9.4-1 on Ubuntu Hardy
with the Samba+OpenLDAP setup. I found some problems with password change.
With the following settings in smb.conf:
ldap passwd sync = Yes
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = New password:%n\nRetype new password:%n\n
unix password sync = no
1. When I change passwords from Windows, everything is fine except the
shadowLastChange field is never updated when shadowMax is nonzero.
So the password age feature is not functioning as expected.
2. Later I found shadowLastChange could be updated by smbldap-passwd, so I
'unix password sync' from no to yes. In this case, change_oem_password()
return NT_STATUS_ACCESS_DENIED when the passwords are actually good.
I did a little trace and found that smbldap-passwd exited when getting
new password when invoked as 'passwd program' by samba.
How can I make shadowLastChange updated correctly? Anybody with any
More information about the samba