[Samba] Novell Client forces password change, Ver. 3.5.2. and LDAP
jf at nutzerverwaltung.de
Thu Apr 29 11:00:07 MDT 2010
we have a strange behavior using Samba (Verson 3.5.2) as PDC with Open LDAP
(Version 2.1.22) as backend and an old Novell-Client (version: 4.91 SP5)
running on WinXP (SP3 and higher).
The old PDC (Version 3.0.28) was running over years with the same
LDAP-Server as backend and with Novell installed on the clients.
We decided to migrate to Samba 3.5.2 , updated all the LDAP schemas
according to Samba Version 3.5.2, setup an new 64Bit Ubuntu (10.4) and
build the new Samba. Everything worked fine and the testclient (without
Novell) could login without any trouble. But if i try to login on a
Novell-Client (using nwgina.dll instead of msgina.dll), i'm forced to set a
new password and this is what we don't want.
Users LDAP-Values for "sambaPwdMustChange" are quite old, but the
LDAP-Value "sambaMaxPwdAge" for the object "sambaDomain" itself is set to
"-1". As far as i understand, this should ever cover the
"old-passwords-problem" and in indeed msgina.dll does not claim about old
But nwgina seems to act in a different way. As we noticed in the
nwgina.log, it is first asking if username and password apply and then it
is asking about the password age.
We digged around in the code, looking for the point nwgina uses to ask
about the password age. Unfortunately we found nothing.
Any help would be appreciated.
More information about the samba