Jörn Frenzel
2010-Apr-29 17:00 UTC
[Samba] Novell Client forces password change, Ver. 3.5.2. and LDAP
Dear all, we have a strange behavior using Samba (Verson 3.5.2) as PDC with Open LDAP (Version 2.1.22) as backend and an old Novell-Client (version: 4.91 SP5) running on WinXP (SP3 and higher). The old PDC (Version 3.0.28) was running over years with the same LDAP-Server as backend and with Novell installed on the clients. We decided to migrate to Samba 3.5.2 , updated all the LDAP schemas according to Samba Version 3.5.2, setup an new 64Bit Ubuntu (10.4) and build the new Samba. Everything worked fine and the testclient (without Novell) could login without any trouble. But if i try to login on a Novell-Client (using nwgina.dll instead of msgina.dll), i'm forced to set a new password and this is what we don't want. Users LDAP-Values for "sambaPwdMustChange" are quite old, but the LDAP-Value "sambaMaxPwdAge" for the object "sambaDomain" itself is set to "-1". As far as i understand, this should ever cover the "old-passwords-problem" and in indeed msgina.dll does not claim about old pwds. But nwgina seems to act in a different way. As we noticed in the nwgina.log, it is first asking if username and password apply and then it is asking about the password age. We digged around in the code, looking for the point nwgina uses to ask about the password age. Unfortunately we found nothing. Any help would be appreciated. Regards, Joern
Deyan Stoykov
2010-May-03 06:28 UTC
[Samba] Novell Client forces password change, Ver. 3.5.2. and LDAP
J?rn Frenzel wrote:> Dear all, > > we have a strange behavior using Samba (Verson 3.5.2) as PDC with Open > LDAP (Version 2.1.22) as backend and an old Novell-Client (version: 4.91 > SP5) running on WinXP (SP3 and higher). > > The old PDC (Version 3.0.28) was running over years with the same > LDAP-Server as backend and with Novell installed on the clients. > > We decided to migrate to Samba 3.5.2 , updated all the LDAP schemas > according to Samba Version 3.5.2, setup an new 64Bit Ubuntu (10.4) and > build the new Samba. Everything worked fine and the testclient (without > Novell) could login without any trouble. But if i try to login on a > Novell-Client (using nwgina.dll instead of msgina.dll), i'm forced to > set a new password and this is what we don't want. > > Users LDAP-Values for "sambaPwdMustChange" are quite old, but the > LDAP-Value "sambaMaxPwdAge" for the object "sambaDomain" itself is set > to "-1". As far as i understand, this should ever cover the > "old-passwords-problem" and in indeed msgina.dll does not claim about > old pwds. > > But nwgina seems to act in a different way. As we noticed in the > nwgina.log, it is first asking if username and password apply and then > it is asking about the password age. > > We digged around in the code, looking for the point nwgina uses to ask > about the password age. Unfortunately we found nothing.Hi Jorn, We're experiencing this as well. I believe it's caused by this bug: https://bugzilla.samba.org/show_bug.cgi?id=7066 Regards, Deyan -- Deyan Stoykov, dstoykov at uni-ruse.bg System administrator University of Ruse