[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Samba+LDAP - must change password flag doesn't reset

Hi Adam !

Thanks for your answer !

In this case you say it is "normal" that the pwdMustChange stays like this
after the pw change:

pwdCanChange: 0
pwdMustChange: 0

And it should be like this if it would working well:

pwdCanChange: 0
pwdMustChange: 2147483647

And you suggesetd to write  a script which is changin' the value after the
password change !

Okay, but how can I make this script to only run when the user has changed
the password ?

Best Regards !

Viktor Posta

                      Adam Williams                                                                                                            
                      <awilliam@whitemice.org>         To:       Viktor Posta/Hungary/Contr/IBM@IBMHU                                          
                      Sent by:                         cc:       OpenLDAP Mailling List <openldap-software@OpenLDAP.org>                       
                      owner-openldap-software@O        Subject:  Re: Samba+LDAP  - must change password flag doesn't reset                     
                      2002.04.19 18:52                                                                                                         
                      Please respond to Adam                                                                                                   

>I have a working Samba PDC with an LDAP backend !


>The problem, is that, when I set the on the user account the Must Change
>Password flag to , then it works,
>and at the next logon the user gets an answer, that you password will
>expire today !

Yep.  This is really a question for the Samba list, it isn't about

>Okay, change the password, everithing is OK, password changed...


>At the next logon the password change window come up again...   at the
>logon it come up again.... and so on


>- The password last set value, has been changed after a password change
>- The password really changed, so next time I can logon with the new one
>- The password must change value didn't change it is the same as before
> the pw change

Ok.  This is normal.

>I don't use the unix password change option in the samba conf, because
>I'm using the LDAP to store the users, and anyway only I'm the only one
>user who needs to logon from the Unix side to the server, so I don't need
>synchronize these !
>I guess somewhere I'm wrong , but maybe not, please help me folks !

Nope, your right.  The ldapsam doesn't yet maintain any time stamp
except the last change.    You can load a value in via a script that
thinks it is syncing the passwords.  Yes, it is a hack.  Hopefully 3.0
will finally maintain all the stamps.