[Samba] shadowLastChange problem with Samba+OpenLDAP

寇含军 hanjun.kou at gmail.com
Wed Sep 10 04:02:20 GMT 2008

Dear all,

I'm running samba-3.0.28a-1ubuntu4.4/smbldap-tools-0.9.4-1 on Ubuntu Hardy
with the Samba+OpenLDAP setup. I found some problems with password change.

For the following settings in smb.conf:

  ldap passwd sync = Yes
  passwd program = /usr/sbin/smbldap-passwd %u
  passwd chat = New password:%n\nRetype new password:%n\n
  unix password sync = no

1. When I change passwords from Windows, everything is fine except the
   shadowLastChange field is never updated when shadowMax is nonzero.
   So the password age feature is not functioning as expected.

2. Later I found shadowLastChange could be updated by smbldap-passwd, so I
   changed 'unix password sync' from no to yes. In this case, change_oem_password()
   returns NT_STATUS_ACCESS_DENIED when the passwords are actually good.
   I did a little trace and found that smbldap-passwd exited when getting
   new password when invoked as 'passwd program' by samba.

How can I make shadowLastChange updated correctly? Anybody with any
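
An added example, not part of the original post: a small audit that flags accounts showing the symptom in item 1, where Samba recorded a password change but shadowLastChange was left behind. It assumes the Samba schema attribute sambaPwdLastSet (Unix seconds) and shadowLastChange counted in days since 1970-01-01; the LDIF sample is constructed, and the parser handles only plain "key: value" lines (no base64 or folded lines).

```python
SECONDS_PER_DAY = 86400

# Constructed sample LDIF (as ldapsearch might return); not taken from the post.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
uid: alice
sambaPwdLastSet: 1221019340
shadowLastChange: 14040
shadowMax: 90

dn: uid=bob,ou=People,dc=example,dc=org
uid: bob
sambaPwdLastSet: 1221019340
shadowLastChange: 14132
shadowMax: 90

dn: uid=carol,ou=People,dc=example,dc=org
uid: carol
sambaPwdLastSet: 1221019340
shadowLastChange: 14040
shadowMax: 0
"""

def parse_ldif(text):
    """Parse simple LDIF into a list of dicts (single-valued attributes only)."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            entry[key] = value
        entries.append(entry)
    return entries

def stale_shadow_entries(entries):
    """Return (uid, days_behind, shadow_expiry_day) where shadowLastChange lags Samba."""
    findings = []
    for e in entries:
        shadow_max = int(e.get("shadowMax", 0))
        # Password aging only matters when shadowMax is nonzero.
        if shadow_max <= 0 or "sambaPwdLastSet" not in e:
            continue
        samba_day = int(e["sambaPwdLastSet"]) // SECONDS_PER_DAY
        shadow_day = int(e.get("shadowLastChange", 0))
        if shadow_day < samba_day:
            findings.append((e["uid"], samba_day - shadow_day, shadow_day + shadow_max))
    return findings

if __name__ == "__main__":
    for uid, behind, expiry in stale_shadow_entries(parse_ldif(SAMPLE_LDIF)):
        print(f"{uid}: shadowLastChange is {behind} days behind; shadow expiry day {expiry}")
```

In the sample, alice's password was changed on day 14132 but her shadow expiry day is still 14130, so shadow-based aging treats a fresh password as expired.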


