[ale] accounts expiring in samba/ldap config

Allgood, John jallgood at ohl.com
Tue Aug 25 11:04:47 EDT 2009


Hey all,

We are running openldap and samba on RHEL5. The end users' passwords appear to silently expire and lock them out of their RHEL5 servers. The only way to get the user back in is for one of the admins to reset the password for the user on the samba server like this:

smbldap-passwd $USER

We have tried some things like  to disable expiration but it has not helped. At the moment we are looking for a way to reset the accounts so that they stop expiring at inopportune times so that we stop the flood of support issues and then deal with the problem in a different manner.

Tried this among other commands:
smbldap-usermod -B -! $USER

Here is a before and after password reset dump of user data. After diffing the results I noticed the sambaPwdLastSet value changed. I have looked for a way to manually set this to alleviate the immediate problem at hand but have yet to find a method. There doesn't seem to be a way to do this using pdbedit or smbldap-usermod. Any ideas or suggestions on this one?

BEFORE password reset
smbldap-usershow wendi
dn: uid=wendi,ou=Users,dc=turbocorp,dc=com
objectClass: top,person,organizationalPerson,inetOrgPerson,posixAccount,shadowAccount,sambaSamAccount,inetLocalMailRecipient
cn: Wendi 
sn: Stilskin
givenName: Wendi
uid: wendi
uidNumber: 1138
gidNumber: 1001
homeDirectory: /home/wendi
loginShell: /bin/bash
gecos: Wendi Stilskin
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: Wendi Stilskin
sambaSID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sambaProfilePath: \\SAMBA\profiles\wendi
sambaHomePath: \\SAMBA\wendi
sambaPrimaryGroupSID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sambaHomeDrive: Z:
mailLocalAddress: wendi
mail: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sambaLMPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sambaNTPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sambaPwdLastSet: 1235589930
sambaPwdMustChange: 1251141930
userPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sambaDomainName: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sambaAcctFlags: [XU]

AFTER password reset
smbldap-usershow wendi
dn: uid=wendi,ou=Users,dc=turbocorp,dc=com
objectClass: top,person,organizationalPerson,inetOrgPerson,posixAccount,shadowAccount,sambaSamAccount,inetLocalMailRecipient
cn: Wendi Stilskin
sn: Stilskin
givenName: Wendi
uid: wendi
uidNumber: 1138
gidNumber: 1001
homeDirectory: /home/wendi
loginShell: /bin/bash
gecos: Wendi Stilskin
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: Wendi Stilskin
sambaSID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sambaProfilePath: \\SAMBA\profiles\wendi
sambaHomePath: \\SAMBA\wendi
sambaPrimaryGroupSID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sambaHomeDrive: Z:
mailLocalAddress: wendi
mail: 
sambaPwdMustChange: 1251141930
sambaDomainName: TURBOCORP
sambaAcctFlags: [XU]
sambaLMPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sambaNTPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sambaPwdLastSet: 1251143775
userPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

John Allgood
Senior Systems Administrator
Turbo, division of OHL
2251 Jesse Jewell Pky. NE
Gainesville, GA 30507
tel: (678) 989-3051  fax: (770) 531-7878

jallgood at ohl.com
www.ohl.com
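
Added example, not part of the original post: a small Python script that parses the time-related lines of the two smbldap-usershow dumps above, diffs them, and decodes the values as dates. It assumes sambaPwdLastSet and sambaPwdMustChange are Unix epoch seconds; the function names are made up for this illustration.

```python
from datetime import datetime, timezone

# Time-related attributes copied from the two dumps in the post (other lines trimmed).
BEFORE = """\
sambaPwdCanChange: 0
sambaPwdLastSet: 1235589930
sambaPwdMustChange: 1251141930
sambaAcctFlags: [XU]
"""
AFTER = """\
sambaPwdCanChange: 0
sambaPwdMustChange: 1251141930
sambaAcctFlags: [XU]
sambaPwdLastSet: 1251143775
"""

def parse_dump(text):
    """Parse 'attr: value' lines into a dict (first value wins on duplicates)."""
    entry = {}
    for line in text.splitlines():
        attr, sep, value = line.partition(":")
        if sep and attr.strip():
            entry.setdefault(attr.strip(), value.strip())
    return entry

def utc(epoch):
    """Render epoch seconds (assumed unit) as a UTC timestamp string."""
    stamp = datetime.fromtimestamp(int(epoch), tz=timezone.utc)
    return stamp.strftime("%Y-%m-%d %H:%M:%S UTC")

def changed_attrs(before, after):
    """Return {attr: (old, new)} for every attribute whose value differs."""
    keys = sorted(set(before) | set(after))
    return {k: (before.get(k), after.get(k)) for k in keys if before.get(k) != after.get(k)}

def password_window_days(entry):
    """Days between sambaPwdLastSet and sambaPwdMustChange in one entry."""
    return (int(entry["sambaPwdMustChange"]) - int(entry["sambaPwdLastSet"])) / 86400

def must_change_passed(entry, now_epoch):
    """True if the stored sambaPwdMustChange is at or before now_epoch."""
    return int(entry["sambaPwdMustChange"]) <= int(now_epoch)

if __name__ == "__main__":
    before, after = parse_dump(BEFORE), parse_dump(AFTER)
    for attr, (old, new) in changed_attrs(before, after).items():
        print(f"{attr}: {utc(old)} -> {utc(new)}")
    print("window before reset (days):", password_window_days(before))
    print("sambaPwdMustChange:", utc(after["sambaPwdMustChange"]))
    print("already passed at reset time:", must_change_passed(after, after["sambaPwdLastSet"]))
```

On the values shown in the post, sambaPwdLastSet is the only one of these attributes that differs, and sambaPwdMustChange sits exactly 180 days after the old sambaPwdLastSet and is identical in both dumps.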
