Re: [Samba] Accounts are getting disabled
This is a discussion on Re: [Samba] Accounts are getting disabled within the Samba forums, part of the Networking and Network Related category; > > On Sat, 3 Jul 2004, Tilo Lutz wrote: > > > None of my acounts in ldap have ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
07-05-2004
|
|||
|
|||
Re: [Samba] Accounts are getting disabled
> > On Sat, 3 Jul 2004, Tilo Lutz wrote:
> > > None of my acounts in ldap have set sambaPwdLastSet, even those > > > acounts which became disabled. If I have understand you right, > > > samba should not disable account if the attribute sambaPwdLastSet > > > is not defined in ldap? > On Mon, 2004-07-05 at 06:56, Gerald (Jerry) Carter wrote: > > If the attribute is not defined smbd gives it an implicit value of 0. > Andrew Bartlet wrote: > If that's what caused the issue, then there is a bug (which I'm happy to > look into and fix). > > /* only reset a password if the last set time has been > explicitly been set to zero. A default last set time > is ignored */ > > if ( (pdb_get_init_flags(pass, PDB_PASSLASTSET) != PDB_DEFAULT) > && (pdb_get_pass_last_set_time(pass) == 0) ) > { > > The intention of the logic was that if the value was undefined in LDAP, > the flags would be set to PDB_DEFAULT and it would not be treated as > 'defined as zero' for this test. I take a closer look at my users: Heres a ldap record (without password hashes) of saturday: dn: uid=alexander-cristea,ou=kl-1g3,ou=people,dc=wms-hn,dc=de userPassword:: e0NSWVBUfTE3NnUxQzA0ZDhCbG8= shadowLastChange: 11947 sambaPwdLastSet: 1 objectClass: posixAccount objectClass: shadowAccount objectClass: inetOrgPerson objectClass: person objectClass: organizationalPerson objectClass: top objectClass: sambaSamAccount cn: alexander-cristea sn: alexander-cristea uid: alexander-cristea homeDirectory: /home/kl-1g3/alexander-cristea gecos: "kl-1g3" loginShell: /bin/sh shadowMin: 1 shadowMax: 99999 shadowWarning: 14 sambaPwdMustChange: 1800000000 gidNumber: 112 sambaPrimaryGroupSID: S-1-5-21-3371203057-3264423045-2392767973-1225 uidNumber: 5248 sambaSID: S-1-5-21-3371203057-3264423045-2392767973-11496 sambaProfilePath: \\WILMA2\profile sambaAcctFlags: [UX ] The same user monday morning: # alexander-cristea, kl-1g3, people, wms-hn.de dn: uid=alexander-cristea,ou=kl-1g3,ou=people,dc=wms-hn,dc=de objectClass: posixAccount objectClass: shadowAccount objectClass: inetOrgPerson objectClass: person objectClass: organizationalPerson objectClass: top objectClass: sambaSamAccount cn: alexander-cristea sn: alexander-cristea uid: alexander-cristea homeDirectory: /home/kl-1g3/alexander-cristea gecos: "kl-1g3" loginShell: /bin/sh shadowMin: 1 shadowMax: 99999 shadowWarning: 14 sambaPwdMustChange: 1800000000 gidNumber: 112 sambaPrimaryGroupSID: S-1-5-21-3371203057-3264423045-2392767973-1225 uidNumber: 5248 sambaSID: S-1-5-21-3371203057-3264423045-2392767973-11496 sambaProfilePath: \\WILMA2\profile sambaAcctFlags: [DUX ] Again there's no logentrie in log.smbd (loglevel 2). As you can see the account was disabled and sambaPwdLastSet was removed. Anything I can do to find the problem? Which loglevel should I use? Tilo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba 
|
Linear Mode
