Univention Bugzilla – Bug 42148
sambaPwdLastSet is not always set to '0' when it should be
Last modified: 2017-06-15 17:57:55 CEST
Steps to reproduce: - Create a password policy with a password expiry (this seems to be crucial) - Create regular user via UMC - Check "Change password on next login" In this case, the attribute 'sambaPwdLastSet' is NOT set to '0'. A customer reported that users are NOT prompted to change their password when logging in at Windows clients joined against a Samba/NT domain. This works fine, if "Change password on next login" is checked AFTER creating the user or if there is no password policy with a password expiry interval.
Created attachment 7929 [details] patch Reproduce: root@xen3:~# eval "$(ucr shell)" root@xen3:~# udm policies/pwhistory modify --dn "cn=default-settings,cn=pwhistory,cn=users,cn=policies,$ldap_base" --set expiryInterval=90 Object modified: cn=default-settings,cn=pwhistory,cn=users,cn=policies,dc=school,dc=local root@xen3:~# udm users/user create --set username=klaus1 --set password=univention --set lastname=klaus --set pwdChangeNextLogin=1 Object created: uid=klaus1,dc=school,dc=local root@xen3:~# univention-ldapsearch uid=klaus1 -LLLoldif-wrap=no sambaPwdLastSet dn: uid=klaus1,dc=school,dc=local sambaPwdLastSet: 123456789
*** Bug 28882 has been marked as a duplicate of this bug. ***
Fixed by a different patch. Advisory: univention-directory-manager-modules.yaml
OK: fix works. I wrote a test case: ucs-test (7.0.21-16): r78978 | Bug #42148: add test case 61_udm-users/34_user_creation_password_policy YAML: hmm, ~OK.
<http://errata.software-univention.de/ucs/4.2/41.html>