This caught me out too. sambaPwdMustChange has been phased out since late in the 3.0 series. It is ignored.
The password expiry is calculated on the fly from sambaPwdLastChange + sambaMaxPwdAge(Domain entry) You will have to run the same version of samba on both PDC and BDC. On Tue, 01 Sep 2009 22:34:41 +0200, Michael Ströder <mich...@stroeder.com> wrote: > nogenetics nogenetics wrote: >> On Fri, Aug 28, 2009 at 10:25 AM, nogenetics nogenetics < >> nnogenet...@gmail.com> wrote: >>> I have a PDC/BDC samba/ldap environment. >>> PDC: >>> samba 3.0.24 >>> slapd 2.3.30 >>> >>> BDC: >>> samba 3.2.5 >>> slapd 2.4.11 >>> >>> Ldap replication is working fine, but I have noticed two issues >>> >>> 1- when a windows user change password on BDC, sambaPwdMustChange and >>> sambaPwdCanChange is not synced on PDC >>> (using ldap passwd sync = yes and unix password sync = no) >>> >>> 2- when using 'net sam set pwdmustchange' on PDC, sambaPwdMustChange is >>> not synced on BDC >>> >>> Anyone can point me what's wrong? >>> >>> About issue 1- , I can use unix password sync = yes and ldap passwd >>> sync = >>> no (using smbldap-passwd) as workaround, but windows user get that >>> annoying >>> warning message (decode_pw_buffer-incorrect-password-length topic). Is >>> there a way to avoid this warning message? >>> This is a issue many users are experiencing. >>> >>> Thanks in advance for your time >>> >>> >> Bump! >> No hints? > > How are you sure you don't run into OpenLDAP replication problems? The > OpenLDAP versions you're running are quite old. slapd 2.3.x is not actively > supported anymore. There also were interop issues fixed regarding > replication > between 2.3.x and 2.4.x and numerous syncrepl fixes for 2.4.x. You should > definitely upgrade your OpenLDAP installations. > > Ciao, Michael. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba