Bug 42148 - sambaPwdLastSet is not always set to '0' when it should be
sambaPwdLastSet is not always set to '0' when it should be
Product: UCS
Classification: Unclassified
Component: Samba
UCS 4.1
Other Linux
: P5 normal (vote)
: UCS 4.2-0-errata
Assigned To: Arvid Requate
Florian Best
: 28882 (view as bug list)
Depends on:
  Show dependency treegraph
Reported: 2016-08-26 14:45 CEST by Michael Grandjean
Modified: 2017-06-15 17:57 CEST (History)
3 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.171
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:
best: Patch_Available+

patch (1.02 KB, patch)
2016-08-26 16:31 CEST, Florian Best
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Grandjean univentionstaff 2016-08-26 14:45:14 CEST
Steps to reproduce:

- Create a password policy with a password expiry (this seems to be crucial)
- Create regular user via UMC
- Check "Change password on next login"

In this case, the attribute 'sambaPwdLastSet' is NOT set to '0'.
A customer reported that users are NOT prompted to change their password when logging in at Windows clients joined against a Samba/NT domain.

This works fine, if "Change password on next login" is checked AFTER creating the user or if there is no password policy with a password expiry interval.
Comment 1 Florian Best univentionstaff 2016-08-26 16:31:18 CEST
Created attachment 7929 [details]

root@xen3:~# eval "$(ucr shell)"
root@xen3:~# udm policies/pwhistory modify --dn "cn=default-settings,cn=pwhistory,cn=users,cn=policies,$ldap_base" --set expiryInterval=90
Object modified: cn=default-settings,cn=pwhistory,cn=users,cn=policies,dc=school,dc=local
root@xen3:~# udm users/user create --set username=klaus1 --set password=univention --set lastname=klaus --set pwdChangeNextLogin=1
Object created: uid=klaus1,dc=school,dc=local
root@xen3:~# univention-ldapsearch uid=klaus1 -LLLoldif-wrap=no sambaPwdLastSet
dn: uid=klaus1,dc=school,dc=local
sambaPwdLastSet: 123456789
Comment 2 Florian Best univentionstaff 2016-09-07 18:16:04 CEST
*** Bug 28882 has been marked as a duplicate of this bug. ***
Comment 3 Arvid Requate univentionstaff 2017-04-26 16:24:18 CEST
Fixed by a different patch.

Advisory: univention-directory-manager-modules.yaml
Comment 4 Florian Best univentionstaff 2017-04-28 08:42:36 CEST
OK: fix works. I wrote a test case:

ucs-test (7.0.21-16):
r78978 | Bug #42148: add test case 61_udm-users/34_user_creation_password_policy

YAML: hmm, ~OK.
Comment 5 Janek Walkenhorst univentionstaff 2017-06-15 17:57:55 CEST