Losing PDC password length, age, and history settings everytime I restart EBOX

[jaycool]

I am having a problem with my PDC setting in Ebox. I can join my xp machines to the domain without any problem, and i can change the password length, age, and history settings. The settings work until I restart and then they are disabled or back enabled with a 0. I have tried EBOX 1.1.3 and just tried 1.2 and both keep giving me the same problem. So, my question is this a bug or am I just doing something wrong? If its a bug will the new 1.3 version take care of this problem?

[javi]

It's a bug. I'm gonna open a ticket to try find out what's wrong. It should be fixed in a few days.

[J. A. Calvo]

1.3 version will be "unstable" forever, ebox 1.4 will be the next stable

but in the cases of bugs like that, there will be updates of the module ASAP, (1.2.1 version, 1.2.2, ...)

So, you don't have to use 1.3 to get that fixed, it will be fixed in 1.2 very soon

Regards,

J. A. Calvo

[jaycool]

Thanks a lot for your quick response.

[javi]

It seems the only problem was with the minium password length. I've fixed it in ebox-samba 1.2.1. Could you please update and tell me if it fixes your issue? Please, rembember to set the values again before restarting.

Thanks!

[jaycool]

I updated to samba 1.2.1 and I adjusted the minimum password length to 8, the age to 90 days, and the history to 6. I then restarted and it did the same thing as before, password length was disabled, the age was enabled and set to 0, and the history was disabled. Am I doing something wrong?

Thanks

[javi]

I updated to samba 1.2.1 and I adjusted the minimum password length to 8, the age to 90 days, and the history to 6. I then restarted and it did the same thing as before, password length was disabled, the age was enabled and set to 0, and the history was disabled. Am I doing something wrong?

That's weird. So when you click on PDC settings, you see the values set to 0?

Could you readjust the values and post the content of  the dn object called "dn sambaDomainName=<YOUR_DOMAIN>,dc=ebox" using the command "sudo slapcat". It will be something like this:

Code: [Select]


dn: sambaDomainName=EBOX,dc=ebox
sambaDomainName: EBOX
sambaSID: S-1-5-21-3818554400-921237426-3143208535
uidNumber: 2001
gidNumber: 2000
objectClass: sambaDomain
objectClass: sambaUnixIdPool
sambaMaxPwdAge: 10368000
sambaLockoutThreshold: 0
sambaPwdHistoryLength: 4
sambaMinPwdLength: 7
structuralObjectClass: sambaDomain
entryUUID: ad85377e-0449-102e-91fd-71bb829a1430
creatorsName: cn=admin,dc=ebox
createTimestamp: 20090713223849Z
entryCSN: 20090713223849.400247Z#000000#000#000000
modifiersName: cn=admin,dc=ebox
modifyTimestamp: 20090713223849Z

After that, restart, and post the the output again to see what changed.

Thanks!

[jaycool]

First off thanks for all your help.

No only the maximum password age is enabled and set to 0.
The other to settings are disabled.

So, whenever I restart EBOX the PDC settings are as followed:

Minimum Password Length:  disabled
Maximum Password Age:      enabled : set to 0
Enforce Password History:    disabled

Now I adjusted the settings to:

Minimum Password Length:  enabled : set to 8
Maximum Password Age:     enabled : set to 90
Enforce Password History:   enabled : set to 6

Then I ran slapcat and I got the following:

dn: sambaDomainName=EBOX,dc=ebox
sambaDomainName: EBOX
sambaSID: S-1-5-21-3818554400-921237426-3143208535
uidNumber: 2002
gidNumber: 2000
objectClass: sambaDomain
objectClass: sambaUnixIdPool
structuralObjectClass: sambaDomain
entryUUID: 7abdf04e-04ce-102e-906f-a97cdafb1adf
creatorsName: cn=admin,dc=ebox
createTimestamp: 20090714135715Z
sambaMinPwdLength: 8
sambaMaxPwdAge: 7776000
sambaPwdHistoryLength: 6
entryCSN: 20090714140352.846895Z#000000#000#000000
modifiersName: cn=admin,dc=ebox
modifyTimestamp: 20090713223849Z

Next, I restarted ran slapcat and I got the following:

dn: sambaDomainName=EBOX,dc=ebox
sambaDomainName: EBOX
sambaSID: S-1-5-21-3818554400-921237426-3143208535
uidNumber: 2002
gidNumber: 2000
objectClass: sambaDomain
objectClass: sambaUnixIdPool
structuralObjectClass: sambaDomain
entryUUID: 7abdf04e-04ce-102e-906f-a97cdafb1adf
creatorsName: cn=admin,dc=ebox
createTimestamp: 20090714135715Z
entryCSN: 20090714140352.846895Z#000000#000#000000
modifiersName: cn=admin,dc=ebox
modifyTimestamp: 20090713223849Z

Then, I logged back into the web interface and the PDC settings are back to following:

Minimum Password Length:  disabled
Maximum Password Age:      enabled : set to 0
Enforce Password History:    disabled

What do you think could be the cause of this issue?

[jaycool]

Has anyone got any ideas? Is it still a bug or is it something I am doing wrong or something wrong with my setup?

[javi]

It seems a bug but I'm unable to reproduce it I'll keep trying though.

Could you test the following. Edit /usr/share/perl5/EBox/SambaLdapUser.pm and a line containing "return;" to this function

Code: [Select]

sub setSambaDomainName
{
 return; #Add this return
 my ($self, $domain) = @_;
...

That should tell us if that's the method that is messing things up.

[jaycool]

Thanks

I followed your directions and its working fine now.

[jaycool]

Well, lol I spoke to soon. Its saves the settings now, but I can't join the domain. It prompts for username and password I enter them in. Then, it gives me an error: the network path was not found.
Any ideas? Should I try loading ebox on another test machine. You did say that you couldn't reproduce my error/issue?

[J. A. Calvo]

As javi said: "That should tell us if that's the method that is messing things up". I mean, that wasn't a solution to the problem, only a test to help us finding the solution. We'll upload a new version when we fix it. (if there's really a bug).

If you have time you can test eBox on another clean machine to see if you reproduce it in the same way.

Thanks for your patience

Regards,

J. A. Calvo

[jaycool]

Im sorry I typed the line in wrong. I have it working now. The PDC settings are saved and I can log onto the domain without a problem. So, I guess thats were the issue is? I am going to test the install on another machine and I will let you know the results. Thanks for all your help.

[J. A. Calvo]

What line did you type wrong? the "return;" one? Well, that should fix the issue but it can have other negative effects (I suppose that the domain name change feature will stop working). If you can test in another machine (a virtual one is enough) it will be useful.

Thank you for the bug report!

Regards,

J. A. Calvo