Bug 42148

Summary: sambaPwdLastSet is not always set to '0' when it should be
Product: UCS
Reporter: Michael Grandjean <grandjean>
Component: Samba
Assignee: Arvid Requate <requate>
Status: CLOSED FIXED
QA Contact: Florian Best <best>
Severity: normal
Priority: P5
CC: best, gohmann, requate
Version: UCS 4.1
Flags: best: Patch_Available+
Target Milestone: UCS 4.2-0-errata
Hardware: Other
OS: Linux
See Also: https://forge.univention.org/bugzilla/show_bug.cgi?id=39817
https://forge.univention.org/bugzilla/show_bug.cgi?id=42015
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.171
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:
Attachments: patch

Description Michael Grandjean univentionstaff 2016-08-26 14:45:14 CEST
Steps to reproduce:

- Create a password policy with a password expiry (this seems to be crucial)
- Create regular user via UMC
- Check "Change password on next login"

In this case, the attribute 'sambaPwdLastSet' is NOT set to '0'.
A customer reported that users are NOT prompted to change their password when logging in at Windows clients joined against a Samba/NT domain.

This works fine, if "Change password on next login" is checked AFTER creating the user or if there is no password policy with a password expiry interval.

Comment 1 Florian Best univentionstaff 2016-08-26 16:31:18 CEST
Created attachment 7929
patch

Reproduce:
root@xen3:~# eval "$(ucr shell)"
root@xen3:~# udm policies/pwhistory modify --dn "cn=default-settings,cn=pwhistory,cn=users,cn=policies,$ldap_base" --set expiryInterval=90
Object modified: cn=default-settings,cn=pwhistory,cn=users,cn=policies,dc=school,dc=local
root@xen3:~# udm users/user create --set username=klaus1 --set password=univention --set lastname=klaus --set pwdChangeNextLogin=1
Object created: uid=klaus1,dc=school,dc=local
root@xen3:~# univention-ldapsearch uid=klaus1 -LLLoldif-wrap=no sambaPwdLastSet
dn: uid=klaus1,dc=school,dc=local
sambaPwdLastSet: 123456789
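
A check for the condition reproduced above, as an added example that is not part of the original bug report or of UCS: it reads LDIF as printed by univention-ldapsearch with ldif-wrap=no and lists every entry whose sambaPwdLastSet is missing or not 0. The function names and the sample LDIF are constructed for illustration; feed it only accounts that are meant to have "Change password on next login" set.

```shell
#!/bin/sh
# Added example, not code from the bug report or from UCS.
# Hypothetical helper: find_unforced_pwchange
# Reads LDIF on stdin and prints "<dn><TAB><value>" for every entry whose
# sambaPwdLastSet is not 0. Entries without the attribute are reported with
# the value "missing".
# Assumptions: unwrapped LDIF (ldif-wrap=no) and plain, non-base64 DNs.
find_unforced_pwchange() {
    awk '
        # Report the entry collected so far, then reset for the next one.
        function emit() {
            if (dn != "" && val != "0") printf "%s\t%s\n", dn, val
            dn = ""; val = "missing"
        }
        BEGIN                { val = "missing" }
        /^dn: /              { emit(); dn = substr($0, 5); next }
        /^sambaPwdLastSet: / { val = substr($0, 18); next }
        /^$/                 { emit() }
        END                  { emit() }
    '
}

# Constructed sample input: klaus1 mirrors the output shown in the bug,
# klaus2 is the expected state, klaus3 has no sambaPwdLastSet at all.
sample_ldif() {
    cat <<'EOF'
dn: uid=klaus1,dc=school,dc=local
sambaPwdLastSet: 123456789

dn: uid=klaus2,dc=school,dc=local
sambaPwdLastSet: 0

dn: uid=klaus3,dc=school,dc=local
EOF
}

# Lists klaus1 and klaus3; klaus2 is in the expected state and is not listed.
sample_ldif | find_unforced_pwchange
```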

Comment 2 Florian Best univentionstaff 2016-09-07 18:16:04 CEST
*** Bug 28882 has been marked as a duplicate of this bug. ***

Comment 3 Arvid Requate univentionstaff 2017-04-26 16:24:18 CEST
Fixed by a different patch.

Advisory: univention-directory-manager-modules.yaml

Comment 4 Florian Best univentionstaff 2017-04-28 08:42:36 CEST
OK: fix works. I wrote a test case:

ucs-test (7.0.21-16):
r78978 | Bug #42148: add test case 61_udm-users/34_user_creation_password_policy

YAML: hmm, ~OK.

Comment 5 Janek Walkenhorst univentionstaff 2017-06-15 17:57:55 CEST
<http://errata.software-univention.de/ucs/4.2/41.html>