[Samba] sambaPwdMustChange not synced on PDC from BDC

David Markey dmarkey at dodds.dmarkey.com
Wed Sep 2 08:57:41 MDT 2009


This caught me out too.

sambaPwdMustChange has been phased out since late in the 3.0 series. It is
ignored.

The password expiry is calculated on the fly from sambaPwdLastChange +
sambaMaxPwdAge (Domain entry).


You will have to run the same version of samba on both PDC and BDC.

On Tue, 01 Sep 2009 22:34:41 +0200, Michael Ströder <michael at stroeder.com>
wrote:
> nogenetics nogenetics wrote:
>> On Fri, Aug 28, 2009 at 10:25 AM, nogenetics nogenetics <
>> nnogenetics at gmail.com> wrote:
>>> I have a PDC/BDC samba/ldap environment.
>>> PDC:
>>> samba 3.0.24
>>> slapd 2.3.30
>>>
>>> BDC:
>>> samba 3.2.5
>>> slapd 2.4.11
>>>
>>> Ldap replication is working fine, but I have noticed two issues
>>>
>>> 1- when a windows user change password on BDC, sambaPwdMustChange and
>>> sambaPwdCanChange is not synced on PDC
>>>     (using ldap passwd sync = yes and unix password sync = no)
>>>
>>> 2- when using 'net sam set pwdmustchange' on PDC, sambaPwdMustChange is
>>> not synced on BDC
>>>
>>> Anyone can point me what's wrong?
>>>
>>> About issue 1-, I can use unix password sync = yes and ldap passwd sync = no
>>> (using smbldap-passwd) as workaround, but windows user get that annoying
>>> warning message (decode_pw_buffer-incorrect-password-length topic).  Is
>>> there a way to avoid this warning message?
>>> This is an issue many users are experiencing.
>>>
>>> Thanks in advance for your time
>>>
>>>
>> Bump!
>> No hints?
> 
> How are you sure you don't run into OpenLDAP replication problems? The
> OpenLDAP versions you're running are quite old. slapd 2.3.x is not actively
> supported anymore. There also were interop issues fixed regarding replication
> between 2.3.x and 2.4.x and numerous syncrepl fixes for 2.4.x. You should
> definitely upgrade your OpenLDAP installations.
> 
> Ciao, Michael.
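
Added example, not part of the thread and not Samba's own code: an audit sketch that computes each account's effective expiry the way the reply describes (sambaPwdLastChange + sambaMaxPwdAge from the domain entry) and ignores any stale sambaPwdMustChange value. The LDIF is constructed sample data, the function names are hypothetical, and treating a non-positive sambaMaxPwdAge as "no expiry" is an assumption.

```python
# Constructed sample LDIF (not from the thread): one sambaDomain entry, two users.
SAMPLE_LDIF = """\
dn: sambaDomainName=EXAMPLE,dc=example,dc=org
objectClass: sambaDomain
sambaMaxPwdAge: 7776000

dn: uid=alice,ou=People,dc=example,dc=org
objectClass: sambaSamAccount
uid: alice
sambaPwdLastChange: 1251800000
sambaPwdMustChange: 2147483647

dn: uid=bob,ou=People,dc=example,dc=org
objectClass: sambaSamAccount
uid: bob
sambaPwdLastChange: 1244000000
"""

def parse_ldif(text):
    """Parse simple (unfolded, non-base64) LDIF into a list of attribute dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            entry.setdefault(key, []).append(value)
        entries.append(entry)
    return entries

def effective_expiry(entries):
    """Return {uid: expiry epoch or None} from sambaPwdLastChange + sambaMaxPwdAge."""
    domain = next(e for e in entries if "sambaDomain" in e.get("objectClass", []))
    max_age = int(domain.get("sambaMaxPwdAge", ["-1"])[0])
    result = {}
    for e in entries:
        if "sambaSamAccount" not in e.get("objectClass", []):
            continue
        last = e.get("sambaPwdLastChange")
        # Assumption: non-positive max age or missing last-change means no computed expiry.
        result[e["uid"][0]] = int(last[0]) + max_age if last and max_age > 0 else None
    return result

def expired(entries, now):
    """List uids whose computed expiry is at or before `now` (epoch seconds)."""
    return sorted(u for u, t in effective_expiry(entries).items() if t is not None and t <= now)

if __name__ == "__main__":
    for uid, t in effective_expiry(parse_ldif(SAMPLE_LDIF)).items():
        print(uid, t)
```

Running the same calculation against an export from each directory replica shows whether the two sides agree on the attributes that actually drive expiry, regardless of what sambaPwdMustChange contains.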

