[Pkg-samba-maint] Bug#532859: Warning: sambaPwdLastSet became a mandatory ldapsam attribute

Oded Naveh skilinux at gmail.com
Sat Aug 15 20:03:44 UTC 2009

Hi Josip

Thank you for this bug report, it has been great help in figuring out the 
problem that prevents users from logging in from Samba clients.

However once pointed towards sambaPwdLastSet I found the folowing warning in 
the Release Notes for Samba 3.0.2a  and all subsequent 3.0.x releases:

******************* Attention! Achtung! Kree! *********************

Beginning with Samba 3.0.2, passwords for accounts with a last 
change time (LCT-XXX in smbpasswd, sambaPwdLastSet attribute in
ldapsam, etc...) of zero (0) will be regarded as uninitialized 
strings.  This will cause authentication to fail for such
accounts.  If you have valid passwords that meet this criteria, 
you must update the last change time to a non-zero value.  If you 
do not, then  'pdbedit --force-initialized-passwords' will disable 
these accounts and reset the password hashes to a string of X's.

******************* Attention! Achtung! Kree! *********************

This was also included in Debian's package: samba (3.0.24-6etch10), as 

ref: http://samba.org/samba/history/samba-3.0.2a.html

More information about the Pkg-samba-maint mailing list