Do you have any policy set about password changing?
Users are allowed to change their passwords every 7 days.
*Jason Baker
*/IT Coordinator/
*Glastender Inc.*
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.4444
www.glastender.com <http://www.glastender.com>
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GIT$ d- s: a C++$ LU+++$ P+ L++>L++++ !E--- W+++ N o? K?
w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h---
r+++ y+++
------END GEEK CODE BLOCK------
Edmundo Valle Neto wrote:
Edmundo Valle Neto escreveu:
Jason Baker escreveu:
I have been having some problems since I updated from Samba 3.0.23
to 3.0.25b. I have installed the latest version of smbldap-tools but
I am still not able to make certain changes to a user's account. I
have created a new user named JROLFE.
After I set up a new user, I will set it so they are required to
change their password when they first login. I usually do this
through LDAP Account Manager.
I set User can change password to a date in the past and User must
change password to a date in the past. But for some reason it didn't
work. If I run pdbedit -Lv -u jrolfe, I get:
Password last set: Mon, 01 Jan 2007 03:00:00 EST
Password can change: Mon, 08 Jan 2007 03:00:00 EST
Password must change: never
If I run ../smbldap-usershow jrolfe, I get:
sambaPwdCanChange: 1183795200
sambaPwdLastSet: 1167638400
sambaPwdMustChange: 1167638400
The unix times converted to english are: Sat, 07 Jul 2007 08:00:00
GMT and Mon, 01 Jan 2007 08:00:00 GMT. So you can see that the dates
do not match between pdbedit and smbldap-tools.
This is really causing a problem because I am trying to set up a new
user and cannot get his password to expire.
According the samba documentation:
sambaPwdLastSet: The integer time in seconds since 1970 when the
sambaLMPassword and sambaNTPassword attributes were last set.
sambaPwdCanChange: Specifies the time (UNIX time format) after which
the user is allowed to change his password. If this attribute is not
set, the user will be free to change his password whenever he wants.
sambaPwdMustChange: Specifies the time (UNIX time format) when the
user is forced to change his password. If this value is set to 0, the
user will have to change his password at first login. If this
attribute is not set, then the password will never expire.
"UNIX time format" (1) means exactly that time measured in seconds
since 1970, and your results appears to be coherent with time
measured in seconds.
sambaPwdCanChange: 1183795200
sambaPwdLastSet: 1167638400
Your sambaPwdCanChange is 7 days (measured in seconds) beyond
sambaPwdLastSet (thats is exactly the same result that pdbedit is
showing).
Passwords can be forced to change using smbldap-tools
"smbldap-usermod -B 1 user" too. And as the docs say, users are
forced to change their passwords when sambaPwdMustChange is set to 0.
I don't know how your system used to be, but the docs says how it
should behaves.
1. http://en.wikipedia.org/wiki/Unix_time
Regards.
Edmundo Valle Neto
Sorry, calculating the times seems that one of the results is really
incorrect, even with Unix time format.
Password last set is correct, the difference is between GMT and EST.
But Password can change isn't.
Do you have any policy set about password changing?
Regards.
Edmundo Valle Neto
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
