A very strange SWAT: unix and samba password

Fajar Priyanto fajarpri at arinet.org
Mon Mar 26 09:51:31 UTC 2012

Hi all,
My setup is:
Ubuntu 10.04.3 LTS
Samba/Swat 3.4.7~dfsg-1ubuntu3.8

I apply min password age both on Unix and Samba.
I test SWAT and it seems to be working fine, except after few days I
notice that changing password from SWAT doesn't modify the "Last
password change" on unix password.

As the result now the info on my account is:
- Unix last password change: Mar 25, 2012
- Samba last password change: Mar 26, 2012.

I try to change password from SWAT again today (Mar 26), and surely SWAT says:
machine rejected the password change: Error was : Account restriction.
The passwd has NOT been changed.

In /var/log/log.smbd:
[2012/03/26 15:33:30,  1] smbd/chgpasswd.c:1124(change_oem_password)
 user fajar cannot change password now, must wait until Tue, 27 Mar
2012 15:33:30 SGT

This is the funny thing begins:
- Unix account is changed by SWAT. But the Last password change is still Mar 25.
- Samba account not changed. But after 1 minute (I think), samba
password is changed too. Match the unix password!!!

  security = user
  encrypt passwords = true
  passdb backend = tdbsam
  obey pam restrictions = yes
  unix password sync = yes
  passwd program = /usr/bin/passwd %u
  passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
  pam password change = yes

Why so strange?
- Why SWAT manages to change the unix password but not update the Last
password change date?
- Why after 1 minute, the samba password got synched with unix password?

Any more info you need from me, pls me know.

Thank you.
P.S. I have an identical setup on Centos, and it doesn't have this problem.

More information about the ubuntu-users mailing list