Maurizio Marini
2009-Jul-14 16:46 UTC
[389-users] administrator created w/out shadowAccount object
i cannot believe...but it''s true ;( the scenario: Centos 5.3 fully updated, Fedora that one i downloded by repository for Centos 5.3 last saturday samba: rpm -qa |grep samba system-config-samba-1.2.41-3.el5 samba-client-3.0.33-3.7.el5 samba-common-3.0.33-3.7.el5 samba-3.0.33-3.7.el5 rpm -qa |grep fedora fedora-ds-base-1.2.0-2.fc6 fedora-ds-dsgw-1.1.2-1.fc6 fedora-ds-admin-1.1.7-3.fc6 fedora-ds-1.1.3-1.fc6 fedora-ds-console-1.2.0-1.fc6 fedora-ds-admin-console-1.1.3-1.fc6 fedora-idm-console-1.1.3-1.fc6 samba is pdc with fds backend trying to change Administrator pasword using smbldap-passwd i get: Failed to modify UNIX password: attribute "shadowLastChange" not allowed changing for test user is fine checking with admin console i find that Administrator is without shadowAccount object. i folowed the samba howto to installa pdc, but i recovered a backup of previous pdc server taht was damaged and reinstalled my question is: when is added this object and who adds it? tia m. -- Maurizio Marini Via Collemare, 14 - 61039 San Costanzo (PU) - Italy GSM +39-335-8259739 RTG : +39-0721950396 0721870286 Skype: maumar@datalogica.com C.F. MRNMRZ59E17G920X P. Iva: 01332360419
Maurizio Marini
2009-Jul-14 17:07 UTC
Re: [389-users] administrator created w/out shadowAccount object
maybe this is the reason: shadowAccount is added by fds when you select Configuration Tab -> Password Expiration -> Pasword expires after ... as i have not select anything and changed Administartor, no shadowAccount was created for him, Then i added expiration and test user was fine What i failed was: i have not selected expiration passwords before changing Administrator (or anyone else) password isn''t it? -m