[Samba] sambaPwdMustChange not synced on PDC from BDC

Michael Ströder michael at stroeder.com
Tue Sep 1 14:34:41 MDT 2009

nogenetics nogenetics wrote:
> On Fri, Aug 28, 2009 at 10:25 AM, nogenetics nogenetics <
> nnogenetics at gmail.com> wrote:
>> I have a PDC/BDC samba/ldap environment.
>> PDC:
>> samba 3.0.24
>> slapd 2.3.30
>> BDC:
>> samba 3.2.5
>> slapd 2.4.11
>> Ldap replication is working fine, but I have noticed two issues
>> 1- when a windows user change password on BDC, sambaPwdMustChange and
>> sambaPwdCanChange is not synced on PDC
>>     (using ldap passwd sync = yes and unix password sync = no)
>> 2- when using 'net sam set pwdmustchange'  on PDC, sambaPwdMustChange is
>> not synced on BDC
>> Anyone can point me what's wrong?
>> About issue 1-  , I can use unix password sync = yes and ldap passwd sync =
>> no (using smbldap-passwd) as workaround, but windows user get that annoying
>> warning message (decode_pw_buffer-incorrect-password-length topic).  Is
>> there a way to avoid this warning message?
>> This is a issue many users are experiencing.
>> Thanks in advance for your time
> Bump!
> No hints?

How are you sure you don't run into OpenLDAP replication problems? The
OpenLDAP versions you're running are quite old. slapd 2.3.x is not actively
supported anymore. There also were interop issues fixed regarding replication
between 2.3.x and 2.4.x and numerous syncrepl fixes for 2.4.x. You should
definitely upgrade your OpenLDAP installations.

Ciao, Michael.

More information about the samba mailing list