Univention Bugzilla – Bug 29775
S4 Connector conversion of sambaMaxPwdAge to Samba4 does not support -1
Last modified: 2013-05-30 10:28:22 CEST
The S4 Connector does not recognize the special value "-1" in sambaMaxPwdAge and converts it to maxPwdAge: 10000000, which presumably then means (pwdLastSet - 1) seconds.

+++ This bug was initially created as a clone of Bug #29772 +++

root@master23:~# univention-ldapsearch -xLLL objectclass=sambadomain
dn: sambaDomainName=ARUCS31I23,cn=samba,dc=arucs31i23,dc=qa
sambaDomainName: ARUCS31I23
sambaSID: S-1-5-21-1429084368-1943113508-3274989293
objectClass: sambaDomain
objectClass: univentionObject
univentionObjectType: settings/sambadomain
sambaNextUserRid: 1000
sambaNextGroupRid: 1000
sambaMinPwdLength: 8
sambaPwdHistoryLength: 0
sambaMaxPwdAge: -1
sambaMinPwdAge: 0
sambaRefuseMachinePwdChange: 0
sambaNextRid: 1001
sambaLogonToChgPwd: 0
sambaLockoutDuration: 30
sambaLockoutObservationWindow: 30
sambaLockoutThreshold: 0
sambaForceLogoff: -1

root@master23:~# samba-tool domain passwordsettings show
Password informations for domain 'DC=arucs31i23,DC=qa'

Password complexity: on
Store plaintext passwords: off
Password history length: 0
Minimum password length: 8
Minimum password age (days): 0
Maximum password age (days): 0

root@master23:~# univention-s4search -b DC=arucs31i23,DC=qa -s base maxPwdAge minPwdAge pwdHistoryLength minPwdLength lockoutDuration lockOutObservationWindow lockoutThreshold forceLogoff
SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed: NT_STATUS_NO_LOGON_SERVERS
# record 1
dn: DC=arucs31i23,DC=qa
forceLogoff: -9223372036854775808
lockOutObservationWindow: -18000000000
lockoutThreshold: 0
minPwdLength: 8
pwdHistoryLength: 0
minPwdAge: 0
maxPwdAge: 10000000
lockoutDuration: -300000000
I think we should map -1 and 0 on UCS side to 0 on AD side since AD does not support -1.
-1 for sambaMaxPwdAge will now be mapped to 0 in Samba 4. A test case has been added: r40956

3.1-2: 40955
3.1-2 changelog: 40961

3.1-1-errata: r40957
YAML errata: r40960
Verified:
* sambaMaxPwdAge=-1 gets converted to maxPwdAge=0.
* maxPwdAge > 0 gets converted to sambaMaxPwdAge=0.
* Advisory slightly adjusted (TeX-Markup removed).
http://errata.univention.de/ucs/3.1/115.html
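
The conversion problem discussed in this report, as an added example that is not the S4 Connector's own code. All function and constant names are hypothetical; the pre-fix formula (seconds times -10^7) is an assumption inferred from the reported result -1 → 10000000, and the fixed mapping follows the comments above (-1 and 0 on the UCS side become 0). The audit helper flags positive values in AD interval attributes, which AD stores as negative 100 ns counts.

```python
AD_TICKS_PER_SECOND = 10_000_000  # AD interval attributes count 100 ns units
INTERVAL_ATTRS = ("forceLogoff", "lockOutObservationWindow", "lockoutDuration",
                  "maxPwdAge", "minPwdAge")

# Values copied from the univention-s4search output in the report.
REPORTED_S4_RECORD = """\
forceLogoff: -9223372036854775808
lockOutObservationWindow: -18000000000
lockoutThreshold: 0
minPwdLength: 8
pwdHistoryLength: 0
minPwdAge: 0
maxPwdAge: 10000000
lockoutDuration: -300000000
"""

def naive_max_pwd_age(samba_seconds):
    """Assumed pre-fix behaviour: scale and negate, no sentinel handling."""
    return samba_seconds * -AD_TICKS_PER_SECOND

def fixed_max_pwd_age(samba_seconds):
    """Map the UCS values -1 and 0 to 0 before scaling, as the fix describes."""
    if samba_seconds in (-1, 0):
        return 0
    if samba_seconds < -1:
        raise ValueError("unexpected sambaMaxPwdAge: %d" % samba_seconds)
    return samba_seconds * -AD_TICKS_PER_SECOND

def parse_record(text):
    """Parse 'name: integer' lines into a dict, skipping comments and blanks."""
    attrs = {}
    for line in text.splitlines():
        if line.startswith("#") or ":" not in line:
            continue
        name, _, value = line.partition(":")
        attrs[name.strip()] = int(value)
    return attrs

def suspicious_intervals(attrs):
    """Return interval attributes holding a positive value (misconverted sentinel)."""
    return [name for name in INTERVAL_ATTRS if attrs.get(name, 0) > 0]

if __name__ == "__main__":
    print("naive  -1 ->", naive_max_pwd_age(-1))
    print("fixed  -1 ->", fixed_max_pwd_age(-1))
    print("flagged:", suspicious_intervals(parse_record(REPORTED_S4_RECORD)))
```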