Bryan Payne
2008-Dec-03 16:14 UTC
[Samba] Can change password but cannot force password change
The setup:
Two pdc's- pdcA is local, pdcB is remote.
Openldap- local, both pdc's talk to it.

The situation:
I set a user's pwdLastSet to zero to force a password change upon login. If the user is logging into a machine talking to pdcA, it asks them to change their password. If the user is logging into a machine talking to pdcB, it acts like the user doesn't exist. However, if that user has an already set password, they can login to either pdc. Even further confusing me is that the users can change their password when talking to either pdc.

Amazingly enough, the logs don't tell me anything, ldap logs or pdc logs. The only difference between the pdc's is one pdcA is Ubuntu Hardy while pdcB is Ubuntu Feisty.
Jeremy Allison
2008-Dec-03 20:49 UTC
[Samba] Can change password but cannot force password change
On Wed, Dec 03, 2008 at 10:16:16AM -0600, Bryan Payne wrote:
> The setup:
> Two pdc's- pdcA is local, pdcB is remote.
> Openldap- local, both pdc's talk to it.
>
> The situation:
> I set a user's pwdLastSet to zero to force a password change upon login.
> If the user is logging into a machine talking to pdcA, it asks them to
> change their password. If the user is logging into a machine talking to
> pdcB, it acts like the user doesn't exist. However, if that user has an
> already set password, they can login to either pdc. Even further
> confusing me is that the users can change their password when talking to
> either pdc.
>
> Amazingly enough, the logs don't tell me anything, ldap logs or pdc
> logs. The only difference between the pdc's is one pdcA is Ubuntu Hardy
> while pdcB is Ubuntu Feisty.

Strange. Can you get a debug level 10 log of both cases so we can track where they diverge?

Jeremy.