[Samba] samba doesnt change shadowLastChange - Samba

This is a discussion on [Samba] samba doesnt change shadowLastChange - Samba ; Hello I have a samba 3 working as a PDC with Ldap as a authentication backend. I have a such problem, when user in windows try to change password to samba by ctr+alt+delete, password is changing (password is also sync ...

+ Reply to Thread
Results 1 to 7 of 7

Thread: [Samba] samba doesnt change shadowLastChange

  1. [Samba] samba doesnt change shadowLastChange

    Hello
    I have a samba 3 working as a PDC with Ldap as a authentication backend.
    I have a such problem, when user in windows try to change password to
    samba by ctr+alt+delete, password is changing (password is also sync and
    it works fine ), but the ldap attribute shadowLastChange doesnt change.
    What is wrong?
    thanks in advance

    tim
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  2. Re: [Samba] samba doesnt change shadowLastChange

    Hi,

    empirium schrieb:
    > I have a samba 3 working as a PDC with Ldap as a authentication backend.
    > I have a such problem, when user in windows try to change password to
    > samba by ctr+alt+delete, password is changing (password is also sync and
    > it works fine ), but the ldap attribute shadowLastChange doesnt change.
    > What is wrong?


    Maybe the user you use to connect to LDAP is not allowed to write this
    attribute. Have a look to your LDAP configuration.


    Regards
    Marc

    --
    Marc Muehlfeld (Leitung Systemadministration)
    Zentrum fuer Humangenetik und Laboratoriumsmedizin Dr. Klein und Dr. Rost
    Lochhamer Str. 29 - D-82152 Martinsried
    Telefon: +49(0)89/895578-0 - Fax: +49(0)89/895578-78
    http://www.medizinische-genetik.de
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  3. Re: [Samba] samba doesnt change shadowLastChange

    Marc Muehlfeld napisał(a):
    > Hi,
    >
    > empirium schrieb:
    >> I have a samba 3 working as a PDC with Ldap as a authentication backend.
    >> I have a such problem, when user in windows try to change password to
    >> samba by ctr+alt+delete, password is changing (password is also sync
    >> and it works fine ), but the ldap attribute shadowLastChange doesnt
    >> change.
    >> What is wrong?

    >
    > Maybe the user you use to connect to LDAP is not allowed to write this
    > attribute. Have a look to your LDAP configuration.
    >
    >
    > Regards
    > Marc
    >

    is slapd.conf I have
    access to *
    by self write
    by users read
    by anonymous auth

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  4. Re: [Samba] samba doesnt change shadowLastChange

    Hi,

    empirium schrieb:
    > is slapd.conf I have
    > access to *
    > by self write
    > by users read
    > by anonymous auth


    You don't have special ACLs for the user samba uses for connecting to LDAP?

    Something like
    access to attr=uid,uidNumber,gidNumber,cn,homeDirectory,.... ..
    by dn="uid=samba,ou=Users,dc=mydomain,dc=de" write
    by anonymous read
    by * none

    Or try adding the user to your "*" ACL for letting this user write everywhere,
    if you know what this could result in.


    Regards
    Marc


    --
    Marc Muehlfeld (Leitung Systemadministration)
    Zentrum fuer Humangenetik und Laboratoriumsmedizin Dr. Klein und Dr. Rost
    Lochhamer Str. 29 - D-82152 Martinsried
    Telefon: +49(0)89/895578-0 - Fax: +49(0)89/895578-78
    http://www.medizinische-genetik.de
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  5. Re: [Samba] samba doesnt change shadowLastChange

    On Tue, 2007-09-11 at 08:21 +0200, empirium wrote:
    > Hello
    > I have a samba 3 working as a PDC with Ldap as a authentication backend.
    > I have a such problem, when user in windows try to change password to
    > samba by ctr+alt+delete, password is changing (password is also sync and
    > it works fine ), but the ldap attribute shadowLastChange doesnt change.
    > What is wrong?


    Is it meant to?

    Samba updates it's attributes - if you changed the LDAP password too,
    then perhaps you should look into a server side module that might also
    update that value?

    Andrew Bartlett

    --
    Andrew Bartlett
    http://samba.org/~abartlet/
    Authentication Developer, Samba Team http://samba.org
    Samba Developer, Red Hat Inc.

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.7 (GNU/Linux)

    iD8DBQBG5kq0z4A8Wyi0NrsRAmOkAKCctEiob1SBw0o3J0fZCt R4wHV0YACfdk/F
    Kfc9G2THey1N/Mrr5QmQgV8=
    =/kis
    -----END PGP SIGNATURE-----


  6. [Samba] Re: samba doesnt change shadowLastChange

    >>>>> "Andrew" == Andrew Bartlett writes:

    >> I have a samba 3 working as a PDC with Ldap as a authentication backend.
    >> I have a such problem, when user in windows try to change password to
    >> samba by ctr+alt+delete, password is changing (password is also sync and
    >> it works fine ), but the ldap attribute shadowLastChange doesnt change.
    >> What is wrong?


    Andrew> Is it meant to?

    Andrew> Samba updates it's attributes - if you changed the LDAP password too,
    Andrew> then perhaps you should look into a server side module that might also
    Andrew> update that value?

    I haven't investigated in detail yet, but I have noticed the same thing.

    >From memory (I don't have a box to test this in conveniently available

    right now), the password is updated (so I don't think it is a
    permission issue), but the user can't log in because the password is
    still marked as expired, and Windows asks the user to change there
    password again.

    I have changed various things since then, really need to try it again.
    --
    Brian May

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  7. [Samba] Re: samba doesnt change shadowLastChange

    >>>>> "Brian" == Brian May writes:

    Andrew> Is it meant to?

    Whenever the shadow password is updated, shadowLastChange should get
    updated too.

    Brian> I have changed various things since then, really need to try it again.

    Unfortunately, my computer appears to be ignoring shadow password
    expiry at the moment (it was working...), so I am unable to test the
    same scenario that caused me grief before.

    I am able to confirm though, if the Samba password has expired, and I
    change the password on log in, it updates both the Samba and Shadow
    passwords, but it does not update shadowLastChange.
    --
    Brian May

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

+ Reply to Thread