Marco Gaiarin
2019-Jul-26 13:39 UTC
[Samba] 'samba-tool user setpassword', PwdLastSet and expiration...
I've a script 'infrastructure' that manage password propagation between some domains/password sources. When, in my AD domains, i ''consume'' a passord caming from another domain, i run: samba-tool user setpassword ${USER} --option="check password script"="" --newpassword="$mypassword" and the script exit with status 0 and print 'Changed password OK', but sometimes does not update PdwLastSet, and so users (if password are expired) cannot login, eg, with ssh (pam/winbind). If i logon on windows, PdwLastSet get updated. There's something i can do to 'force' PdwLastSet update? Thanks. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bont?, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
Marco Gaiarin
2019-Aug-27 16:19 UTC
[Samba] 'samba-tool user setpassword', PwdLastSet and expiration...
I resend this:> I've a script 'infrastructure' that manage password propagation between > some domains/password sources. > > When, in my AD domains, i ''consume'' a passord caming from another > domain, i run: > > samba-tool user setpassword ${USER} --option="check password script"="" --newpassword="$mypassword" > > and the script exit with status 0 and print 'Changed password OK', but > sometimes does not update PdwLastSet, and so users (if password are > expired) cannot login, eg, with ssh (pam/winbind). > > If i logon on windows, PdwLastSet get updated. > > > There's something i can do to 'force' PdwLastSet update? Thanks.a bit because holiday passwed, a bit because i've spotted another time this 'bug'. A user (that access my server remotely, only via SSH) changed their password in this way (eg, via 'samba-tool user setpassword'), but account expired (get disabled) because 'PdwLastSet' get no update. Thanks. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bont?, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
Andrew Bartlett
2019-Aug-27 19:02 UTC
[Samba] 'samba-tool user setpassword', PwdLastSet and expiration...
On Tue, 2019-08-27 at 18:19 +0200, Marco Gaiarin via samba wrote:> I resend this: > > > I've a script 'infrastructure' that manage password propagation > > between > > some domains/password sources. > > > > When, in my AD domains, i ''consume'' a passord caming from another > > domain, i run: > > > > samba-tool user setpassword ${USER} --option="check password > > script"="" --newpassword="$mypassword" > > > > and the script exit with status 0 and print 'Changed password OK', > > but > > sometimes does not update PdwLastSet, and so users (if password are > > expired) cannot login, eg, with ssh (pam/winbind). > > > > If i logon on windows, PdwLastSet get updated. > > > > > > There's something i can do to 'force' PdwLastSet update? Thanks. > > a bit because holiday passwed, a bit because i've spotted another > time > this 'bug'. > > A user (that access my server remotely, only via SSH) changed their > password in this way (eg, via 'samba-tool user setpassword'), but > account expired (get disabled) because 'PdwLastSet' get no update.Which Samba version is this? Andrew Bartlett -- Andrew Bartlett https://samba.org/~abartlet/ Authentication Developer, Samba Team https://samba.org Samba Developer, Catalyst IT https://catalyst.net.nz/services/samba
Reasonably Related Threads
- 'samba-tool user setpassword', PwdLastSet and expiration...
- 'samba-tool user setpassword', PwdLastSet and expiration...
- How to change Domain password as normal user?
- samba-ldap and password expiration
- samba-tool user password/setpassword and password change timestamp...