bugsmbldap-tools - Bugs: bug #10148, smbldap-usermod sets wrong samba...

 
 
Show feedback again

You are not allowed to post comments on this tracker with your current authentification level.

bug #10148: smbldap-usermod sets wrong samba password modify time

Submitted by:  Alain D D Williams <addw>
Submitted on:  Mon 15 Oct 2007 02:49:32 PM UTC  
 
Category: NoneSeverity: 5 - Blocker
Priority: 5 - NormalStatus: Invalid
Privacy: PublicAssigned to: None
Open/Closed: Open

Mon 05 Mar 2012 02:25:38 PM UTC, comment #3:

I think smbldap-usermod is correct.

FYI: Samba 3.0.25 and later ignores sambaPwdMustChange attribute.
http://lists.samba.org/archive/samba-technical/2007-May/thread.html#53491

SATOH Fumiyasu <fumiyas>
Project Member
Fri 15 Feb 2008 05:30:34 PM UTC, comment #2:

Well, --sambaExpire update the sambakickoffTime, as Windows does. In fact, i based myself on what the servtools done: in user manager (usrmgr.exe), when setting an expiration date to the account, sambakickoffTime is updated, not sambaPwdMustChange. But maybe i'm wrong. If you have any links to help me...

Tournier Jerome <jtournier>
Project Administrator
Thu 20 Dec 2007 05:53:33 PM UTC, comment #1:

I guess the explanation given by smbldap-tools isn't entirely clear, but as I understand it the expire option refers to account expiration--not password. This is why it sets kickoffTime: after that point they can no longer use the account.

In fact there already is a way to modify sambaPwdMustChange:
-B|--sambaPwdMustChange must change password ? 0 if no, 1 if yes

Clearly it does not take a date, but if something should be changed it would seem to be that.

It may also be worth nothing that smbldap-passwd appears to behave correctly by setting sambaPwdMustChange to $date+$config{defaultMaxPasswordAge}*24*60*60 after a password change as one would expect, assuming defaultMaxPasswordAge is set.

Andy Clayton <clayton>
Mon 15 Oct 2007 02:49:32 PM UTC, original submission:

If I run: smbldap-usermod --sambaExpire '2009-10-11 01:01:02' it modified the LDAP attribute sambakickoffTime, this appears to be wrong it should be instead the attribute sambaPwdMustChange, or that attribute as well.

This involves changing near line 472 in smbldap-tools version 0.9.4

When I do this the users no longer get warnings about their passwords about to exire.

I have not sumbitted this as a patch since I don't understand the ldap schema and so am not sure that this is the correct thing to do. "It works for me" is not the best basis for a patch.

Alain D D Williams <addw>

 

No files currently attached

 

Depends on the following items: None found

Items that depend on this one: None found

 

Carbon-Copy List
  • -unavailable- added by fumiyas (Posted a comment)
  • -unavailable- added by jtournier (Posted a comment)
  • -unavailable- added by clayton (Posted a comment)
  • -unavailable- added by addw (Submitted the item)
  • -unavailable- added by addw
  •  

    Do you think this task is very important?
    If so, you can click here to add your encouragement to it.
    This task has 0 encouragements so far.

    Only logged-in users can vote.

     

    Please enter the title of George Orwell's famous dystopian book (it's a date):

     

     

    Follow 3 latest changes.

    Date Changed By Updated Field Previous Value => Replaced By
    Mon 05 Mar 2012 02:25:38 PM UTCfumiyasStatusNeed Info=>Invalid
    Fri 15 Feb 2008 05:31:07 PM UTCjtournierStatusNone=>Need Info
    Mon 15 Oct 2007 02:49:32 PM UTCaddwCarbon-Copy-=>Added addw
    Show feedback again

    Back to the top


    Powered by Savane 3.1-cleanup