we have a strange behavior using Samba (Verson 3.5.2) as PDC with Open LDAP
(Version 2.1.22) as backend and an old Novell-Client (version: 4.91 SP5)
running on WinXP (SP3 and higher). The old PDC (Version 3.0.28) was running
over years with the same
LDAP-Server as backend and with Novell installed on the clients.
We decided to migrate to Samba 3.5.2 , updated all the LDAP schemas
according to Samba Version 3.5.2, setup an new 64Bit Ubuntu (10.4) and
build the new Samba. Everything worked fine and the testclient (without
Novell) could login without any trouble. But if i try to login on a
Novell-Client (using nwgina.dll instead of msgina.dll), i'm forced to set a
new password and this is what we don't want.
Users LDAP-Values for "sambaPwdMustChange" are quite old, but the
LDAP-Value "sambaMaxPwdAge" for the object "sambaDomain" itself is set to
"-1". As far as i understand, this should ever cover the
"old-passwords-problem" and in indeed msgina.dll does not claim about old pwds.
As my colleague figured out msgina uses the function "NetUserGetInfo" in
level 2, but nwgina calls this function in level 3.
So, the question is: Why is samba 3.5.2 ignoring "sambaMaxPwdAge = -1" when
NetUserGetInfo is called in Level 3?
In the case, no one knows the answer to my question exactly, it also could
be helpfull for us to know the name of the sourcefile and the linenumber
where NetUserGetInfo is finally returning. We looked around in the code,
but it was too confusing for us.
Any help would be appreciated.