OK, found it myself.
sambaPwdLastSet should not be Zero.
==============================
Release Notes for Samba 3.0.2a
February 13, 2004
==============================
Samba 3.0.2a is a minor patch release for the 3.0.2 code base
to address, in particular, a problem when using pdbedit to
sanitize (--force-initialized-passwords) Samba's tdbsam
backend. This is the latest stable release of Samba. This
is the version that all production Samba servers should be
running for all current bug-fixes.
******************* Attention! Achtung! Kree! *********************
Beginning with Samba 3.0.2, passwords for accounts with a last
change time (LCT-XXX in smbpasswd, sambaPwdLastSet attribute in
ldapsam, etc...) of zero (0) will be regarded as uninitialized
strings. This will cause authentication to fail for such
accounts. If you have valid passwords that meet this criteria,
you must update the last change time to a non-zero value. If you
do not, then 'pdbedit --force-initialized-passwords' will disable
these accounts and reset the password hashes to a string of X's.
******************* Attention! Achtung! Kree! *********************
-----------------------------------------------------------------------------------------------
Jörg Junge
IT-Koordinator
Paritätischer Wohlfahrtsverband
Landesverband Thüringen e.V.
Bergstr. 11
99192 Neudietendorf
Deutschland
Tel : +49 36202 26 204
Fax: +49 36202 26 234
http://www.paritaet-th.de
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
