[Samba] Novell Client forces password change, Ver. 3.5.2. and LDAP

Deyan Stoykov dstoykov at uni-ruse.bg
Mon May 3 00:28:21 MDT 2010

Jörn Frenzel wrote:
> Dear all,
> we have a strange behavior using Samba (Verson 3.5.2) as PDC with Open 
> LDAP (Version 2.1.22) as backend and an old Novell-Client (version: 4.91 
> SP5) running on WinXP (SP3 and higher).
> The old PDC (Version 3.0.28) was running over years with the same 
> LDAP-Server as backend and with Novell installed on the clients.
> We decided to migrate to Samba 3.5.2 , updated all the LDAP schemas 
> according to Samba Version 3.5.2, setup an new 64Bit Ubuntu (10.4) and 
> build the new Samba. Everything worked fine and the testclient (without 
> Novell) could login without any trouble. But if i try to login on a 
> Novell-Client (using nwgina.dll instead of msgina.dll), i'm forced to 
> set a new password and this is what we don't want.
> Users LDAP-Values for "sambaPwdMustChange" are quite old, but the 
> LDAP-Value "sambaMaxPwdAge" for the object "sambaDomain" itself is set 
> to "-1". As far as i understand, this should ever cover the 
> "old-passwords-problem" and in indeed msgina.dll does not claim about 
> old pwds.
> But nwgina seems to act in a different way. As we noticed in the 
> nwgina.log, it is first asking if username and password apply and then 
> it is  asking about the password age.
> We digged around in the code, looking for the point nwgina uses to ask 
> about the password age. Unfortunately we found nothing.

Hi Jorn,

We're experiencing this as well. I believe it's caused by this bug:



Deyan Stoykov, dstoykov at uni-ruse.bg
System administrator
University of Ruse

More information about the samba mailing list