[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Samba+LDAP - must change password flag doesn't reset
Hi Adam !
Thanks for your answer !
In this case you say it is "normal" that the pwdMustChange stays like this
after the pw change:
pwdCanChange: 0
pwdMustChange: 0
And it should be like this if it would working well:
pwdCanChange: 0
pwdMustChange: 2147483647
And you suggesetd to write a script which is changin' the value after the
password change !
Okay, but how can I make this script to only run when the user has changed
the password ?
Best Regards !
Viktor Posta
Adam Williams
<awilliam@whitemice.org> To: Viktor Posta/Hungary/Contr/IBM@IBMHU
Sent by: cc: OpenLDAP Mailling List <openldap-software@OpenLDAP.org>
owner-openldap-software@O Subject: Re: Samba+LDAP - must change password flag doesn't reset
penLDAP.org
2002.04.19 18:52
Please respond to Adam
Williams
>I have a working Samba PDC with an LDAP backend !
Great.
>The problem, is that, when I set the on the user account the Must Change
>Password flag to , then it works,
>and at the next logon the user gets an answer, that you password will
>expire today !
Yep. This is really a question for the Samba list, it isn't about
OpenLDAP.
>Okay, change the password, everithing is OK, password changed...
Yep.
>At the next logon the password change window come up again... at the
next
>logon it come up again.... and so on
Yep.
>- The password last set value, has been changed after a password change
>- The password really changed, so next time I can logon with the new one
>- The password must change value didn't change it is the same as before
> the pw change
Ok. This is normal.
>FYI:
>I don't use the unix password change option in the samba conf, because
>I'm using the LDAP to store the users, and anyway only I'm the only one
>user who needs to logon from the Unix side to the server, so I don't need
to
>synchronize these !
>I guess somewhere I'm wrong , but maybe not, please help me folks !
Nope, your right. The ldapsam doesn't yet maintain any time stamp
except the last change. You can load a value in via a script that
thinks it is syncing the passwords. Yes, it is a hack. Hopefully 3.0
will finally maintain all the stamps.