Re: Samba+LDAP - must change password flag doesn't reset

[Adam Williams <awilliam@whitemice.org>]

>I have a working Samba PDC with an LDAP backend !

Great.

>The problem, is that, when I set the on the user account the Must Change
>Password flag to , then it works,
>and at the next logon the user gets an answer, that you password will
>expire today !

Yep.  This is really a question for the Samba list, it isn't about
OpenLDAP.


>Okay, change the password, everithing is OK, password changed...

Yep.

>At the next logon the password change window come up again...   at the next
>logon it come up again.... and so on

Yep.

>- The password last set value, has been changed after a password change
>- The password really changed, so next time I can logon with the new one
>- The password must change value didn't change it is the same as before
> the pw change

Ok.  This is normal.

>FYI:
>I don't use the unix password change option in the samba conf, because
>I'm using the LDAP to store the users, and anyway only I'm the only one
>user who needs to logon from the Unix side to the server, so I don't need to
>synchronize these !
>I guess somewhere I'm wrong , but maybe not, please help me folks !

Nope, your right.  The ldapsam doesn't yet maintain any time stamp
except the last change.    You can load a value in via a script that
thinks it is syncing the passwords.  Yes, it is a hack.  Hopefully 3.0
will finally maintain all the stamps.