samba - Aug 2006 - passdb.tdb not updated when changing passwords

I'm using samba on CentOS 3.7 (3.0.9 + rh patches)
I had smbpasswd as backend and I'm testing migration to tdbsam.
After exporting successfully to tdbsam and setting
passdb backend = tdbsam
in smb.conf
if I change from inside a windows xp machine the password ot the user and then
pdbedit-Lv user
I get
Logon time:           0
Logoff time:          ven, 13 dic 1901 21:45:51 GMT
Kickoff time:         ven, 13 dic 1901 21:45:51 GMT
Password last set:    gio, 17 ago 2006 14:59:18 GMT
Password can change:  ven, 18 ago 2006 14:59:18 GMT
Password must change: lun, 16 ott 2006 14:59:18 GMT
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

Questions:
1) it seems passdb.tdb is read but not written based on its timestamp
Shouldn't it be modified with the new encrypted password? the same
happens if for example I change full name of a user...
Where are otherwise written these informations

2) in the example above, the user cannot change today his password.
What can I do to reset this for the user?

3) It seems that no --pwd-must-change-time option is working in my environment.
Was this a late introducted feature?

4) Does it exist for latest releases also the opportunity to change
the "Password can change" date? something like --pwd-can-change-time
option?

Thanks in advance for your help
Gianluca

PS: please tell me if any question regarding customized version of
samba, such as RH, is automatically ignored by the gurus... this would
be in some way acceptable but knowing it would at least save time for
me.

On Thu, 2006-08-17 at 15:24 +0200, Gianluca Cecchi
wrote:
> I'm using samba on CentOS 3.7 (3.0.9 + rh patches)
> I had smbpasswd as backend and I'm testing migration to tdbsam.
> After exporting successfully to tdbsam and setting
> passdb backend = tdbsam
> in smb.conf
> if I change from inside a windows xp machine the password ot the user and
then
> pdbedit-Lv user
> I get
> Logon time:           0
> Logoff time:          ven, 13 dic 1901 21:45:51 GMT
> Kickoff time:         ven, 13 dic 1901 21:45:51 GMT
> Password last set:    gio, 17 ago 2006 14:59:18 GMT
> Password can change:  ven, 18 ago 2006 14:59:18 GMT
> Password must change: lun, 16 ott 2006 14:59:18 GMT
> Last bad password   : 0
> Bad password count  : 0
> Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> 
> Questions:
> 1) it seems passdb.tdb is read but not written based on its timestamp
> Shouldn't it be modified with the new encrypted password? the same
> happens if for example I change full name of a user...
> Where are otherwise written these informations
some kernels have a bug that will prevent them from correctly updating
the mtime when mmpped files are changed and tdb usually is mmapped.
> 2) in the example above, the user cannot change today his password.
> What can I do to reset this for the user?
change the pass can change value, and set it to a time before the
present.
> 3) It seems that no --pwd-must-change-time option is working in my
environment.
> Was this a late introducted feature?
3.0.9 is quite old, I would update anyway, later versions have more
options.
> 4) Does it exist for latest releases also the opportunity to change
> the "Password can change" date? something like
--pwd-can-change-time
> option?
IIRC yes.
> Thanks in advance for your help
> Gianluca
Prego.
> PS: please tell me if any question regarding customized version of
> samba, such as RH, is automatically ignored by the gurus... this would
> be in some way acceptable but knowing it would at least save time for
> me.
It's not, but 3.0.9 is way too old, we recommend running the latest
samba versions for all the bugfixes and windows compatibility fixes we
introduce at each release.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer
email: idra@samba.org
http://samba.org