[Samba] sambaPwdMustChange not synced on PDC from BDC
dmarkey at dodds.dmarkey.com
Wed Sep 2 08:57:41 MDT 2009
This caught me out too.
sambaPwdMustChange has been phased out since late in the 3.0 series. It is
The password expiry is calculated on the fly from sambaPwdLastChange +
You will have to run the same version of samba on both PDC and BDC.
On Tue, 01 Sep 2009 22:34:41 +0200, Michael Ströder <michael at stroeder.com>
> nogenetics nogenetics wrote:
>> On Fri, Aug 28, 2009 at 10:25 AM, nogenetics nogenetics <
>> nnogenetics at gmail.com> wrote:
>>> I have a PDC/BDC samba/ldap environment.
>>> samba 3.0.24
>>> slapd 2.3.30
>>> samba 3.2.5
>>> slapd 2.4.11
>>> Ldap replication is working fine, but I have noticed two issues
>>> 1- when a windows user change password on BDC, sambaPwdMustChange and
>>> sambaPwdCanChange is not synced on PDC
>>> (using ldap passwd sync = yes and unix password sync = no)
>>> 2- when using 'net sam set pwdmustchange' on PDC, sambaPwdMustChange
>>> not synced on BDC
>>> Anyone can point me what's wrong?
>>> About issue 1- , I can use unix password sync = yes and ldap passwd
>>> sync =
>>> no (using smbldap-passwd) as workaround, but windows user get that
>>> warning message (decode_pw_buffer-incorrect-password-length topic). Is
>>> there a way to avoid this warning message?
>>> This is a issue many users are experiencing.
>>> Thanks in advance for your time
>> No hints?
> How are you sure you don't run into OpenLDAP replication problems? The
> OpenLDAP versions you're running are quite old. slapd 2.3.x is not
> supported anymore. There also were interop issues fixed regarding
> between 2.3.x and 2.4.x and numerous syncrepl fixes for 2.4.x. You should
> definitely upgrade your OpenLDAP installations.
> Ciao, Michael.
More information about the samba