Thanks for the bug report. This looks like a good candidate for an SRU.
Impact: LDAP schemas for samba that contains no password expiry information gets a NT_STATUS_PASSWORD_MUST_CHANGE error on machine account logon. From upstream:
The net_rpc_join.c code uses a level 24 to set the password when we
are joining a Samba PDC. Inside smbd we don't update the password last set
field from zero on level 24, only level 25. Thus the password last set is left
at zero on a join and subsequent auth attempts on the machine account fail with
a NT_STATUS_PASSWORD_MUST_CHANGE error.
I've reproduced this on 3.0.x but I think the same code is in 3.2 and this is a
blocker bug for 3.2.0.
Hi,
Thanks for the bug report. This looks like a good candidate for an SRU.
Impact: LDAP schemas for samba that contains no password expiry information gets a NT_STATUS_ PASSWORD_ MUST_CHANGE error on machine account logon. From upstream:
The net_rpc_join.c code uses a level 24 to set the password when we PASSWORD_ MUST_CHANGE error.
are joining a Samba PDC. Inside smbd we don't update the password last set
field from zero on level 24, only level 25. Thus the password last set is left
at zero on a join and subsequent auth attempts on the machine account fail with
a NT_STATUS_
I've reproduced this on 3.0.x but I think the same code is in 3.2 and this is a
blocker bug for 3.2.0.
https:/ /bugzilla. samba.org/ show_bug. cgi?id= 5555
How to reproduce:
See above.
I have attached the patch which fixes this issue. If you have any questions please feel free to ask.
Regards
chuck