[Pkg-samba-maint] Bug#425083: Samba 3.0.25-1 and 3.0.25-1+b1 is unusable as domain controller

Ralph Passgang ralph at debianbase.de
Fri May 18 23:04:45 UTC 2007 

Package: samba
Version: 3.0.25-1+b1
Severity: important

I am using samba since a long time as domain controller for a small domain of 
windows and linux computers. Since I upgraded to 3.0.25-1 samba is unusable 
for me and all domain users. Also upgrading to 3.0.25-1+b1 doesn't seem to 
fix this problem.

Windows users that want to login to their win xp workstations get the error 
message that their account has expired and they need to change their password 
before they can login. Even if they do this, after logging in they are 
getting the message that their passowrd will expire "today" and they should 
change it (again).

pdbedit show this for all of the users this or similar times:

Password last set:    Fri, 18 May 2007 20:57:21 CEST
Password can change:  Fri, 18 May 2007 20:57:21 CEST
Password must change: Fri, 18 May 2007 21:03:17 CEST

so the users have just 6 minutes in time where their accounts are valid 
without changing the password again and again. After that time fileshares 
seems to be unusable (from windows and linux clients). Also direct client to 
client connections doesn't work, because the accounts are expiring very fast. 
The samba log always shows this or similar messages:

[2007/05/19 00:39:00, 1] auth/auth_sam.c:sam_account_ok(178)
  sam_account_ok: Account for user 'ralph' password expired!.
[2007/05/19 00:39:00, 1] auth/auth_sam.c:sam_account_ok(179)
  sam_account_ok: Password expired at 'Fri, 18 May 2007 21:03:17 CEST'

If I downgrade to 3.0.24-6 again, then everything works as expected and 
without even setting the password again, pdbedit shows this:

Password last set:    Fri, 18 May 2007 20:57:21 CEST
Password can change:  Fri, 18 May 2007 20:57:21 CEST
Password must change: Tue, 19 Jan 2038 04:14:07 CET

My smb.conf has these settings (just the important lines):
        domain logons = yes
        domain master = yes
        preferred master = yes
        encrypt passwords = true
        passdb backend = smbpasswd
        security = user

I don't think I have an exotic configuration, so this might affect quite a lot 
people? Please tell me if you need more information to reproduce this bug.

--Ralph

More information about the Pkg-samba-maint mailing list