Thomas Stegbauer
2002-Apr-26 10:11 UTC
[Samba] samba 2.2.3a with-ldapsam, pwdMustchange solved
hi all, some days ago there was a discussion, where the pwdMustChange attribute was set to 0 to force the account to change the password at the next logon. unfortunatly samba did not set back the pwdMustChange, so the next time the user logs on, he needs again to change the password. so we modified $SAMBASOURCE/examples/LDAP/ldapsync.pl to work with openldap 2.0.x (with simplebind) and also to set back the pwdMustChange attribute to 2147483647 (why that number)? so if needed it can be included in the global section of smb.conf with unix password sync = Yes passwd program = /usr/local/sbin/ldapsync.pl -o %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *modifying* it uses right now all the system commands (ldapsearch and so on), so no extra perl modules are needed for now. the userpassword ist crypted (cause it was this way), maybe we change it to use ssha passwords anytime. and for creating the lmpasswords and ntpasswords it uses mkntpwd (it needs no extra libraries as smbencrypt, are there other differences?) the files can get downloaded at: http://www.tronicplanet.de/~stegbth/samba/ldapsync.pl http://www.tronicplanet.de/~stegbth/samba/mkntpwd.tar.gz so far thomas -- -- # Thomas Stegbauer # Tronicplanet Datendienst GmbH # http://www.keyserver.de:11371/pks/lookup?op=get&search=0xFF837A1A
abartlet@samba.org
2002-Apr-27 06:32 UTC
[Samba] samba 2.2.3a with-ldapsam, pwdMustchange solved
On Fri, Apr 26, 2002 at 07:08:10PM +0200, Thomas Stegbauer wrote:> hi all, > > some days ago there was a discussion, where the pwdMustChange attribute > was set to 0 to force the account to change the password at the next > logon. unfortunatly samba did not set back the pwdMustChange, so the > next time the user logs on, he needs again to change the password.This is correct in HEAD BTW, but I would not be supprised to heard that it didn't make it into 2.2. Andrew Bartlett