guilhermemtorresbase-lista@yahoo.com.br
2005-Nov-15 14:47 UTC
[Samba] D flag at sambaAcctFlags
Hello,
I have a server with Samba(3.0.13-1.1)/OpenLDAP and
sometimes my users get a D flag at sambaAcctFlags.
There are some users that don?t have all the samba
attributes yet.
I would like to know why it happens. Which
actions/attributes can tell to samba turn de D flag
on?
This is a ldif of a user that yesterday got a D flag:
uid=fulano,ou=Users,dc=grad,dc=br
dn: uid=fulano,ou=Users,dc=grad,dc=br
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: shadowAccount
objectClass: sambaSamAccount
uid: fulano
cn: fulano da silva
sn: Silva
userPassword: {crypt}8hjnSm/xTf0ss
uidNumber: 2795
gidNumber: 127
gecos: Fulano Da Silva
shadowLastChange: 13012
shadowMax: 99999
shadowWarning: 7
sambaSID:
S-1-5-21-3890934015-1816655379-4264717526-6590
homeDirectory: /export/home/fulano
loginShell: /bin/bash
sambaAcctFlags: [U ]
Thanks!
_______________________________________________________
Yahoo! Acesso Gr?tis: Internet r?pida e gr?tis.
Instale o discador agora!
http://br.acesso.yahoo.com/
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 guilhermemtorresbase-lista@yahoo.com.br wrote:> Hello, > > I have a server with Samba(3.0.13-1.1)/OpenLDAP and > sometimes my users get a D flag at sambaAcctFlags. > > There are some users that don?t have all the samba > attributes yet. > > I would like to know why it happens. Which > actions/attributes can tell to samba turn de D flag > on?Please read the release notes for 3.0.2a. User's without a valid sambaPwdLastSet time are disabled. ******************* Attention! Achtung! Kree! ********************* Beginning with Samba 3.0.2, passwords for accounts with a last change time (LCT-XXX in smbpasswd, sambaPwdLastSet attribute in ldapsam, etc...) of zero (0) will be regarded as uninitialized strings. This will cause authentication to fail for such accounts. If you have valid passwords that meet this criteria, you must update the last change time to a non-zero value. If you do not, then 'pdbedit --force-initialized-passwords' will disable these accounts and reset the password hashes to a string of X's. ******************* Attention! Achtung! Kree! ********************* cheers, jerry ====================================================================Alleviating the pain of Windows(tm) ------- http://www.samba.org GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc "There's an anonymous coward in all of us." --anonymous -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDegndIR7qMdg1EfYRAhGzAKDCtonsGXYXGLzHVKwYdPe8DvE+awCg3rXQ GBfjy7n94sDvrxi0xD/oOzU=mrm4 -----END PGP SIGNATURE-----