Bug 42148 - sambaPwdLastSet is not always set to '0' when it should be
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Samba
Version: UCS 4.1
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 4.2-0-errata
Assigned To: Arvid Requate
QA Contact: Florian Best
Duplicates: 28882

Reported: 2016-08-26 14:45 CEST by Michael Grandjean
Modified: 2017-06-15 17:57 CEST
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.171
Enterprise Customer affected?: Yes
best: Patch_Available+


Attachments
patch (1.02 KB, patch)
2016-08-26 16:31 CEST, Florian Best

Description Michael Grandjean univentionstaff 2016-08-26 14:45:14 CEST
Steps to reproduce:

- Create a password policy with a password expiry (this seems to be crucial)
- Create regular user via UMC
- Check "Change password on next login"

In this case, the attribute 'sambaPwdLastSet' is NOT set to '0'.
A customer reported that users are NOT prompted to change their password when logging in at Windows clients joined against a Samba/NT domain.

This works fine if "Change password on next login" is checked AFTER creating the user, or if there is no password policy with a password expiry interval.
Comment 1 Florian Best univentionstaff 2016-08-26 16:31:18 CEST
Created attachment 7929
patch

Reproduce:
root@xen3:~# eval "$(ucr shell)"
root@xen3:~# udm policies/pwhistory modify --dn "cn=default-settings,cn=pwhistory,cn=users,cn=policies,$ldap_base" --set expiryInterval=90
Object modified: cn=default-settings,cn=pwhistory,cn=users,cn=policies,dc=school,dc=local
root@xen3:~# udm users/user create --set username=klaus1 --set password=univention --set lastname=klaus --set pwdChangeNextLogin=1
Object created: uid=klaus1,dc=school,dc=local
root@xen3:~# univention-ldapsearch uid=klaus1 -LLLoldif-wrap=no sambaPwdLastSet
dn: uid=klaus1,dc=school,dc=local
sambaPwdLastSet: 123456789
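
A check for the symptom shown above, as an added example that is not part of the bug thread or of UCS: it reads unwrapped LDIF, such as the `univention-ldapsearch` output in this comment, and lists every entry whose sambaPwdLastSet is missing or not 0. The function names and the sample entries klaus2 and klaus3 are constructed, and the check assumes the search was limited to accounts that are meant to change their password at next login.

```shell
#!/bin/sh
# Added example, not code from the bug report or from UCS.
# Usage against a live directory (search command as shown in the report):
#   univention-ldapsearch uid=klaus1 -LLLoldif-wrap=no sambaPwdLastSet | find_unflagged_accounts

# Reads unwrapped LDIF on stdin and prints "<dn><TAB><value>" for every entry
# whose sambaPwdLastSet is absent or anything other than 0.
# Assumption: the LDIF contains only accounts expected to have
# "Change password on next login" set. Base64 DNs (dn::) are printed undecoded.
find_unflagged_accounts() {
    awk '
        function emit() {
            if (dn != "" && val != "0")
                printf "%s\t%s\n", dn, (val == "" ? "<missing>" : val)
            dn = ""; val = ""
        }
        /^dn::? /            { emit(); dn = $0; sub(/^dn::? /, "", dn); next }
        /^sambaPwdLastSet: / { val = substr($0, 18); next }
        /^$/                 { emit() }
        END                  { emit() }
    '
}

# Constructed sample input: klaus1 mirrors the output in the report,
# klaus2 is a correctly flagged account, klaus3 has no Samba attribute at all.
constructed_sample_ldif() {
    cat <<'EOF'
dn: uid=klaus1,dc=school,dc=local
sambaPwdLastSet: 123456789

dn: uid=klaus2,dc=school,dc=local
sambaPwdLastSet: 0

dn: uid=klaus3,dc=school,dc=local
EOF
}

constructed_sample_ldif | find_unflagged_accounts
```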
Comment 2 Florian Best univentionstaff 2016-09-07 18:16:04 CEST
*** Bug 28882 has been marked as a duplicate of this bug. ***
Comment 3 Arvid Requate univentionstaff 2017-04-26 16:24:18 CEST
Fixed by a different patch.

Advisory: univention-directory-manager-modules.yaml
Comment 4 Florian Best univentionstaff 2017-04-28 08:42:36 CEST
OK: fix works. I wrote a test case:

ucs-test (7.0.21-16):
r78978 | Bug #42148: add test case 61_udm-users/34_user_creation_password_policy

YAML: hmm, ~OK.
Comment 5 Janek Walkenhorst univentionstaff 2017-06-15 17:57:55 CEST
<http://errata.software-univention.de/ucs/4.2/41.html>