[Samba] ShadowLastChange does not update
Carl Werner
carl at beekmanbrothers.co.za
Wed Sep 30 02:49:00 MDT 2009
Hi Everyone,
I have a Samba 3.0.34 PDC setup with OpenLDAP 2.3.43 as backend on a
Gentoo server. I also use LDAP for IMAP, SMTP and proxy authentication.
For some reason the shadowLastChange does not update when a user changes
his/her password from Windows XP. The samba and unix passwords and also
the samba "Password must change field" does change as required, it is
only the ShadowLastChange that does not update. It does update when I
run smbldap-passwd from command line and also through LDAP Account
Manager. This causes the unix password on LDAP to expire before the
Samba password has expired and then the user can not use his email or
internet connection.
I have tried different combinations of the passwd settings in smb.conf,
including:
Only:
ldap password sync = yes
Also tried:
ldap password sync = yes
passwd program = /usr/sbin/smbldap-passwd -u %u
passwd chat = *New*password* %n\n *Re*ype*new*password* %n\n \
I also created my own script which calls smbldap-passwd and then
manually updates ShadowLastChange. This worked fine from the command
line but did not seem to work from Windows XP.
I have also given full access to all users on LDAP in case it was a
permissions problem, but to no avail...
I have been battling with this problem for the last month. Hope someone
can give me some pointers. Please let me know if i need to post any
other info...
Regards
Carl Werner
More information about the samba
mailing list