The "unknown_5" 32 bit field in the user structs is actually 2 16-bit

fields, bad_password_count and logon_count. Ensure this is stored/fetched
in the various SAMs. As it replaces the unknown_5 field this fits
exactly into the tdb SAM without any binary problems. It also is added
to the LDAP SAM as two extra attributes. It breaks compatibility with
the experimental SAMs xml and mysql. The maintainers of these SAMs must
fix them so upgrades like this can be done transparently. I will insist
on the "experimental" status until this is solved.
Jeremy.
(This used to be commit cd7bd8c2daff3293d48f3376a7c5a708a140fd94)

11 files changed, 129 insertions, 52 deletions

diff --git a/source3/include/passdb.h b/source3/include/passdb.h
index e3077eee70..a4b2bcff3f 100644
--- a/source3/include/passdb.h
+++ b/source3/include/passdb.h
@@ -57,7 +57,8 @@ enum pdb_elements {
 	PDB_MUNGEDDIAL,
 	PDB_HOURS,
 	PDB_UNKNOWN3,
-	PDB_UNKNOWN5,
+	PDB_BAD_PASSWORD_COUNT,
+	PDB_LOGON_COUNT,
 	PDB_UNKNOWN6,
 	PDB_LMPASSWD,
 	PDB_NTPASSWD,
@@ -136,7 +137,10 @@ typedef struct sam_passwd
 		uint32 hours_len; /* normally 21 bytes */
 		uint8 hours[MAX_HOURS_LEN];
 		
-		uint32 unknown_5; /* 0x0002 0000 */
+		/* Was unknown_5. */
+		uint16 bad_password_count;
+		uint16 logon_count;
+
 		uint32 unknown_6; /* 0x0000 04ec */
 		/* a tag for who added the private methods */
 		const struct pdb_methods *backend_private_methods;
diff --git a/source3/include/rpc_samr.h b/source3/include/rpc_samr.h
index 4d9ad0b2e1..3b81042df3 100644
--- a/source3/include/rpc_samr.h
+++ b/source3/include/rpc_samr.h
@@ -189,7 +189,9 @@ typedef struct sam_user_info_23
 	/* uint8 pad[2] */
 	uint32 ptr_logon_hrs; /* pointer to logon hours */
 
-	uint32 unknown_5;     /* 0x0001 0000 */
+	/* Was unknown_5. */
+	uint16 bad_password_count;
+	uint16 logon_count;
 
 	uint8 padding1[6];
 		
@@ -312,7 +314,9 @@ typedef struct sam_user_info_21
 	/* uint8 pad[2] */
 	uint32 ptr_logon_hrs; /* unknown pointer */
 
-	uint32 unknown_5;     /* 0x0002 0000 */
+	/* Was unknown_5. */
+	uint16 bad_password_count;
+	uint16 logon_count;
 
 	uint8 padding1[6];
 		
diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h
index 826fc3c55a..9765b9fbd6 100644
--- a/source3/include/smbldap.h
+++ b/source3/include/smbldap.h
@@ -88,6 +88,8 @@
 #define LDAP_ATTR_SID			32
 #define LDAP_ATTR_ALGORITHMIC_RID_BASE  33
 #define LDAP_ATTR_NEXT_RID              34
+#define LDAP_ATTR_BAD_PASSWORD_COUNT	35
+#define LDAP_ATTR_LOGON_COUNT		36
 
 typedef struct _attrib_map_entry {
 	int		attrib;
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 78f36eb9b6..cdbda38983 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -83,7 +83,8 @@ void pdb_fill_default_sam(SAM_ACCOUNT *user)
 	user->private.logon_divs = 168; 	/* hours per week */
 	user->private.hours_len = 21; 		/* 21 times 8 bits = 168 */
 	memset(user->private.hours, 0xff, user->private.hours_len); /* available at all hours */
-	user->private.unknown_5 = 0x00000000; /* don't know */
+	user->private.bad_password_count = 0;
+	user->private.logon_count = 0;
 	user->private.unknown_6 = 0x000004ec; /* don't know */
 
 	/* Some parts of samba strlen their pdb_get...() returns, 
@@ -1280,7 +1281,7 @@ BOOL local_sid_to_gid(gid_t *pgid, const DOM_SID *psid, enum SID_NAME_USE *name_
  Marshall/unmarshall SAM_ACCOUNT structs.
  *********************************************************************/
 
-#define TDB_FORMAT_STRING       "ddddddBBBBBBBBBBBBddBBwdwdBdd"
+#define TDB_FORMAT_STRING       "ddddddBBBBBBBBBBBBddBBwdwdBwwd"
 
 /**********************************************************************
  Intialize a SAM_ACCOUNT struct from a BYTE buffer of size len
@@ -1315,8 +1316,9 @@ BOOL init_sam_from_buffer(SAM_ACCOUNT *sampass, uint8 *buf, uint32 buflen)
 		fullname_len, homedir_len, logon_script_len,
 		profile_path_len, acct_desc_len, workstations_len;
 		
-	uint32	user_rid, group_rid, unknown_3, hours_len, unknown_5, unknown_6;
+	uint32	user_rid, group_rid, unknown_3, hours_len, unknown_6;
 	uint16	acct_ctrl, logon_divs;
+	uint16	bad_password_count, logon_count;
 	uint8	*hours;
 	static uint8	*lm_pw_ptr, *nt_pw_ptr;
 	uint32		len = 0;
@@ -1357,7 +1359,8 @@ BOOL init_sam_from_buffer(SAM_ACCOUNT *sampass, uint8 *buf, uint32 buflen)
 		&logon_divs,
 		&hours_len,
 		&hourslen, &hours,
-		&unknown_5,
+		&bad_password_count,
+		&logon_count,
 		&unknown_6);
 		
 	if (len == -1)  {
@@ -1432,7 +1435,8 @@ BOOL init_sam_from_buffer(SAM_ACCOUNT *sampass, uint8 *buf, uint32 buflen)
 	pdb_set_group_sid_from_rid(sampass, group_rid, PDB_SET);
 	pdb_set_unknown_3(sampass, unknown_3, PDB_SET);
 	pdb_set_hours_len(sampass, hours_len, PDB_SET);
-	pdb_set_unknown_5(sampass, unknown_5, PDB_SET);
+	pdb_set_bad_password_count(sampass, bad_password_count, PDB_SET);
+	pdb_set_logon_count(sampass, logon_count, PDB_SET);
 	pdb_set_unknown_6(sampass, unknown_6, PDB_SET);
 	pdb_set_acct_ctrl(sampass, acct_ctrl, PDB_SET);
 	pdb_set_logon_divs(sampass, logon_divs, PDB_SET);
@@ -1640,7 +1644,8 @@ uint32 init_buffer_from_sam (uint8 **buf, const SAM_ACCOUNT *sampass, BOOL size_
 		pdb_get_logon_divs(sampass),
 		pdb_get_hours_len(sampass),
 		MAX_HOURS_LEN, pdb_get_hours(sampass),
-		pdb_get_unknown_5(sampass),
+		pdb_get_bad_password_count(sampass),
+		pdb_get_logon_count(sampass),
 		pdb_get_unknown_6(sampass));
 
 
@@ -1682,7 +1687,8 @@ uint32 init_buffer_from_sam (uint8 **buf, const SAM_ACCOUNT *sampass, BOOL size_
 		pdb_get_logon_divs(sampass),
 		pdb_get_hours_len(sampass),
 		MAX_HOURS_LEN, pdb_get_hours(sampass),
-		pdb_get_unknown_5(sampass),
+		pdb_get_bad_password_count(sampass),
+		pdb_get_logon_count(sampass),
 		pdb_get_unknown_6(sampass));
 	
 	
diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c
index 1505458551..9c2b7e4c70 100644
--- a/source3/passdb/pdb_get_set.c
+++ b/source3/passdb/pdb_get_set.c
@@ -314,12 +314,20 @@ uint32 pdb_get_unknown_3 (const SAM_ACCOUNT *sampass)
 		return (-1);
 }
 
-uint32 pdb_get_unknown_5 (const SAM_ACCOUNT *sampass)
+uint16 pdb_get_bad_password_count(const SAM_ACCOUNT *sampass)
 {
 	if (sampass)
-		return (sampass->private.unknown_5);
+		return (sampass->private.bad_password_count);
 	else
-		return (-1);
+		return 0;
+}
+
+uint16 pdb_get_logon_count(const SAM_ACCOUNT *sampass)
+{
+	if (sampass)
+		return (sampass->private.logon_count);
+	else
+		return 0;
 }
 
 uint32 pdb_get_unknown_6 (const SAM_ACCOUNT *sampass)
@@ -984,14 +992,24 @@ BOOL pdb_set_unknown_3 (SAM_ACCOUNT *sampass, uint32 unkn, enum pdb_value_state
 	return pdb_set_init_flags(sampass, PDB_UNKNOWN3, flag);
 }
 
-BOOL pdb_set_unknown_5 (SAM_ACCOUNT *sampass, uint32 unkn, enum pdb_value_state flag)
+BOOL pdb_set_bad_password_count(SAM_ACCOUNT *sampass, uint16 bad_password_count, enum pdb_value_state flag)
+{
+	if (!sampass)
+		return False;
+
+	sampass->private.bad_password_count = bad_password_count;
+
+	return pdb_set_init_flags(sampass, PDB_BAD_PASSWORD_COUNT, flag);
+}
+
+BOOL pdb_set_logon_count(SAM_ACCOUNT *sampass, uint16 logon_count, enum pdb_value_state flag)
 {
 	if (!sampass)
 		return False;
 
-	sampass->private.unknown_5 = unkn;
+	sampass->private.logon_count = logon_count;
 
-	return pdb_set_init_flags(sampass, PDB_UNKNOWN5, flag);
+	return pdb_set_init_flags(sampass, PDB_LOGON_COUNT, flag);
 }
 
 BOOL pdb_set_unknown_6 (SAM_ACCOUNT *sampass, uint32 unkn, enum pdb_value_state flag)
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index e00631fb7d..d4de6b2e96 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -422,6 +422,8 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
 			smbntpwd[NT_HASH_LEN];
 	uint16 		acct_ctrl = 0, 
 			logon_divs;
+	uint16 		bad_password_count = 0, 
+			logon_count = 0;
 	uint32 hours_len;
 	uint8 		hours[MAX_HOURS_LEN];
 	pstring temp;
@@ -704,7 +706,23 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
 	pdb_set_munged_dial(sampass, munged_dial, PDB_SET);
 	
 	/* pdb_set_unknown_3(sampass, unknown3, PDB_SET); */
-	/* pdb_set_unknown_5(sampass, unknown5, PDB_SET); */
+
+	if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
+			get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_BAD_PASSWORD_COUNT), temp)) {
+			/* leave as default */
+	} else {
+		bad_password_count = (uint32) atol(temp);
+		pdb_set_bad_password_count(sampass, bad_password_count, PDB_SET);
+	}
+
+	if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
+			get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGON_COUNT), temp)) {
+			/* leave as default */
+	} else {
+		logon_count = (uint32) atol(temp);
+		pdb_set_logon_count(sampass, logon_count, PDB_SET);
+	}
+
 	/* pdb_set_unknown_6(sampass, unknown6, PDB_SET); */
 
 	pdb_set_hours(sampass, hours, PDB_SET);
diff --git a/source3/passdb/pdb_mysql.c b/source3/passdb/pdb_mysql.c
index 6c200be504..460e260ddc 100644
--- a/source3/passdb/pdb_mysql.c
+++ b/source3/passdb/pdb_mysql.c
@@ -49,7 +49,8 @@
 #define CONFIG_UNKNOWN_3_DEFAULT			"unknown_3"
 #define CONFIG_LOGON_DIVS_DEFAULT			"logon_divs"
 #define CONFIG_HOURS_LEN_DEFAULT			"hours_len"
-#define CONFIG_UNKNOWN_5_DEFAULT			"unknown_5"
+#define CONFIG_BAD_PASSWORD_COUNT_DEFAULT		"bad_password_count"
+#define CONFIG_LOGON_COUNT_DEFAULT			"logon_count"
 #define CONFIG_UNKNOWN_6_DEFAULT			"unknown_6"
 #define CONFIG_HOST_DEFAULT				"localhost"
 #define CONFIG_USER_DEFAULT				"samba"
@@ -259,8 +260,9 @@ static NTSTATUS row_to_sam_account(MYSQL_RES * r, SAM_ACCOUNT * u)
 	pdb_set_unknown_3(u, xatol(row[24]), PDB_SET);
 	pdb_set_logon_divs(u, xatol(row[25]), PDB_SET);
 	pdb_set_hours_len(u, xatol(row[26]), PDB_SET);
-	pdb_set_unknown_5(u, xatol(row[27]), PDB_SET);
-	pdb_set_unknown_6(u, xatol(row[28]), PDB_SET);
+	pdb_set_bad_password_count(u, xatol(row[27]), PDB_SET);
+	pdb_set_logon_count(u, xatol(row[28]), PDB_SET);
+	pdb_set_unknown_6(u, xatol(row[29]), PDB_SET);
 
 	return NT_STATUS_OK;
 }
@@ -278,7 +280,7 @@ static NTSTATUS mysqlsam_setsampwent(struct pdb_methods *methods, BOOL update)
 	}
 
 	asprintf(&query,
-			 "SELECT %s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s FROM %s",
+			 "SELECT %s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s FROM %s",
 			 config_value_read(data, "logon time column",
 							   CONFIG_LOGON_TIME_DEFAULT),
 			 config_value_read(data, "logoff time column",
@@ -333,8 +335,10 @@ static NTSTATUS mysqlsam_setsampwent(struct pdb_methods *methods, BOOL update)
 							   CONFIG_LOGON_DIVS_DEFAULT),
 			 config_value_read(data, "hours len column",
 							   CONFIG_HOURS_LEN_DEFAULT),
-			 config_value_read(data, "unknown 5 column",
-							   CONFIG_UNKNOWN_5_DEFAULT),
+			 config_value_read(data, "bad_password_count column",
+							   CONFIG_BAD_PASSWORD_COUNT_DEFAULT),
+			 config_value_read(data, "logon_count column",
+							   CONFIG_LOGON_COUNT_DEFAULT),
 			 config_value_read(data, "unknown 6 column",
 							   CONFIG_UNKNOWN_6_DEFAULT),
 			 config_value(data, "table", CONFIG_TABLE_DEFAULT)
diff --git a/source3/passdb/pdb_xml.c b/source3/passdb/pdb_xml.c
index 7af2fdd940..29922bca4f 100644
--- a/source3/passdb/pdb_xml.c
+++ b/source3/passdb/pdb_xml.c
@@ -159,8 +159,13 @@ static BOOL parseUser(xmlDocPtr doc, xmlNsPtr ns, xmlNodePtr cur, SAM_ACCOUNT *
 							  atol(xmlNodeListGetString
 								   (doc, cur->xmlChildrenNode, 1)), PDB_SET);
 
-		else if (!strcmp(cur->name, "unknown_5") && cur->ns == ns)
-			pdb_set_unknown_5(u,
+		else if (!strcmp(cur->name, "bad_password_count") && cur->ns == ns)
+			pdb_set_bad_password_count(u,
+							  atol(xmlNodeListGetString
+								   (doc, cur->xmlChildrenNode, 1)), PDB_SET);
+
+		else if (!strcmp(cur->name, "logon_count") && cur->ns == ns)
+			pdb_set_logon_count(u,
 							  atol(xmlNodeListGetString
 								   (doc, cur->xmlChildrenNode, 1)), PDB_SET);
 
@@ -495,7 +500,8 @@ static NTSTATUS xmlsam_add_sam_account(struct pdb_methods *methods, SAM_ACCOUNT
 		xmlNewChild(user, data->ns, "hours_len",
 					iota(pdb_get_hours_len(u)));
 
-	xmlNewChild(user, data->ns, "unknown_5", iota(pdb_get_unknown_5(u)));
+	xmlNewChild(user, data->ns, "bad_password_count", iota(pdb_get_bad_password_count(u)));
+	xmlNewChild(user, data->ns, "logon_count", iota(pdb_get_logon_count(u)));
 	xmlNewChild(user, data->ns, "unknown_6", iota(pdb_get_unknown_6(u)));
 	xmlSaveFile(data->location, data->doc);
 
diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c
index 1fe9b3231f..420a727765 100644
--- a/source3/rpc_parse/parse_samr.c
+++ b/source3/rpc_parse/parse_samr.c
@@ -5411,7 +5411,6 @@ static BOOL sam_io_user_info24(const char *desc, SAM_USER_INFO_24 * usr,
  init_sam_user_info23
 
  unknown_3 = 0x09f8 27fa
- unknown_5 = 0x0001 0000
  unknown_6 = 0x0000 04ec 
 
  *************************************************************************/
@@ -5438,7 +5437,8 @@ void init_sam_user_info23W(SAM_USER_INFO_23 * usr, NTTIME * logon_time,	/* all z
 			uint32 unknown_3,
 			uint16 logon_divs,
 			LOGON_HRS * hrs,
-			uint32 unknown_5,
+			uint16 bad_password_count,
+			uint16 logon_count,
 			char newpass[516], uint32 unknown_6)
 {
 	int len_user_name = user_name != NULL ? user_name->uni_str_len : 0;
@@ -5487,11 +5487,11 @@ void init_sam_user_info23W(SAM_USER_INFO_23 * usr, NTTIME * logon_time,	/* all z
 		usr->passmustchange=0;
 	}
 
-
 	ZERO_STRUCT(usr->padding1);
 	ZERO_STRUCT(usr->padding2);
 
-	usr->unknown_5 = unknown_5;	/* 0x0001 0000 */
+	usr->bad_password_count = bad_password_count;
+	usr->logon_count = logon_count;
 
 	memcpy(usr->pass, newpass, sizeof(usr->pass));
 
@@ -5516,7 +5516,6 @@ void init_sam_user_info23W(SAM_USER_INFO_23 * usr, NTTIME * logon_time,	/* all z
  init_sam_user_info23
 
  unknown_3 = 0x09f8 27fa
- unknown_5 = 0x0001 0000
  unknown_6 = 0x0000 04ec 
 
  *************************************************************************/
@@ -5534,7 +5533,7 @@ void init_sam_user_info23A(SAM_USER_INFO_23 * usr, NTTIME * logon_time,	/* all z
 			   char *unk_str, char *mung_dial, uint32 user_rid,	/* 0x0000 0000 */
 			   uint32 group_rid, uint32 acb_info,
 			   uint32 unknown_3, uint16 logon_divs,
-			   LOGON_HRS * hrs, uint32 unknown_5,
+			   LOGON_HRS * hrs, uint16 bad_password_count, uint16 logon_count,
 			   char newpass[516], uint32 unknown_6)
 {
 	int len_user_name = user_name != NULL ? strlen(user_name) : 0;
@@ -5586,7 +5585,8 @@ void init_sam_user_info23A(SAM_USER_INFO_23 * usr, NTTIME * logon_time,	/* all z
 	ZERO_STRUCT(usr->padding1);
 	ZERO_STRUCT(usr->padding2);
 
-	usr->unknown_5 = unknown_5;	/* 0x0001 0000 */
+	usr->bad_password_count = bad_password_count;
+	usr->logon_count = logon_count;
 
 	memcpy(usr->pass, newpass, sizeof(usr->pass));
 
@@ -5678,7 +5678,9 @@ static BOOL sam_io_user_info23(const char *desc, SAM_USER_INFO_23 * usr,
 	if(!prs_uint32("ptr_logon_hrs ", ps, depth, &usr->ptr_logon_hrs))
 		return False;
 
-	if(!prs_uint32("unknown_5     ", ps, depth, &usr->unknown_5))
+	if(!prs_uint16("bad_password_count     ", ps, depth, &usr->bad_password_count))
+		return False;
+	if(!prs_uint16("logon_count     ", ps, depth, &usr->logon_count))
 		return False;
 
 	if(!prs_uint8s(False, "padding1      ", ps, depth, usr->padding1, sizeof(usr->padding1)))
@@ -5865,7 +5867,6 @@ static BOOL sam_io_user_info25(const char *desc, SAM_USER_INFO_25 * usr, prs_str
  init_sam_user_info21W
 
  unknown_3 = 0x00ff ffff
- unknown_5 = 0x0002 0000
  unknown_6 = 0x0000 04ec 
 
  *************************************************************************/
@@ -5895,7 +5896,9 @@ void init_sam_user_info21W(SAM_USER_INFO_21 * usr,
 			   uint32 unknown_3,
 			   uint16 logon_divs,
 			   LOGON_HRS * hrs,
-			   uint32 unknown_5, uint32 unknown_6)
+			   uint16 bad_password_count,
+			   uint16 logon_count,
+			   uint32 unknown_6)
 {
 	int len_user_name = user_name != NULL ? user_name->uni_str_len : 0;
 	int len_full_name = full_name != NULL ? full_name->uni_str_len : 0;
@@ -5936,7 +5939,8 @@ void init_sam_user_info21W(SAM_USER_INFO_21 * usr,
 
 	usr->logon_divs = logon_divs;	/* should be 168 (hours/week) */
 	usr->ptr_logon_hrs = hrs ? 1 : 0;
-	usr->unknown_5 = unknown_5;	/* 0x0002 0000 */
+	usr->bad_password_count = bad_password_count;
+	usr->logon_count = logon_count;
 
 	if (nt_time_is_zero(pass_must_change_time)) {
 		usr->passmustchange=PASS_MUST_CHANGE_AT_NEXT_LOGON;
@@ -5944,7 +5948,6 @@ void init_sam_user_info21W(SAM_USER_INFO_21 * usr,
 		usr->passmustchange=0;
 	}
 
-
 	ZERO_STRUCT(usr->padding1);
 	ZERO_STRUCT(usr->padding2);
 
@@ -5969,7 +5972,6 @@ void init_sam_user_info21W(SAM_USER_INFO_21 * usr,
  init_sam_user_info21
 
  unknown_3 = 0x00ff ffff
- unknown_5 = 0x0002 0000
  unknown_6 = 0x0000 04ec 
 
  *************************************************************************/
@@ -6086,7 +6088,8 @@ NTSTATUS init_sam_user_info21A(SAM_USER_INFO_21 *usr, SAM_ACCOUNT *pw, DOM_SID *
 
 	usr->logon_divs = pdb_get_logon_divs(pw); 
 	usr->ptr_logon_hrs = pdb_get_hours(pw) ? 1 : 0;
-	usr->unknown_5 = pdb_get_unknown_5(pw); /* 0x0002 0000 */
+	usr->bad_password_count = pdb_get_bad_password_count(pw);
+	usr->logon_count = pdb_get_logon_count(pw);
 
 	if (pdb_get_pass_must_change_time(pw) == 0) {
 		usr->passmustchange=PASS_MUST_CHANGE_AT_NEXT_LOGON;
@@ -6094,7 +6097,6 @@ NTSTATUS init_sam_user_info21A(SAM_USER_INFO_21 *usr, SAM_ACCOUNT *pw, DOM_SID *
 		usr->passmustchange=0;
 	}
 
-
 	ZERO_STRUCT(usr->padding1);
 	ZERO_STRUCT(usr->padding2);
 
@@ -6192,7 +6194,9 @@ static BOOL sam_io_user_info21(const char *desc, SAM_USER_INFO_21 * usr,
 	if(!prs_uint32("ptr_logon_hrs ", ps, depth, &usr->ptr_logon_hrs))
 		return False;
 
-	if(!prs_uint32("unknown_5     ", ps, depth, &usr->unknown_5))
+	if(!prs_uint16("bad_password_count     ", ps, depth, &usr->bad_password_count))
+		return False;
+	if(!prs_uint16("logon_count     ", ps, depth, &usr->logon_count))
 		return False;
 
 	if(!prs_uint8s(False, "padding1      ", ps, depth, usr->padding1, sizeof(usr->padding1)))
diff --git a/source3/rpc_server/srv_samr_util.c b/source3/rpc_server/srv_samr_util.c
index b81c441811..db6649073e 100644
--- a/source3/rpc_server/srv_samr_util.c
+++ b/source3/rpc_server/srv_samr_util.c
@@ -189,7 +189,7 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from)
 		pdb_set_acct_ctrl(to, from->acb_info, PDB_CHANGED);
 	}
 
-	DEBUG(10,("INFO_21 UNKOWN_3: %08X -> %08X\n",pdb_get_unknown_3(to),from->unknown_3));
+	DEBUG(10,("INFO_21 UNKNOWN_3: %08X -> %08X\n",pdb_get_unknown_3(to),from->unknown_3));
 	if (from->unknown_3 != pdb_get_unknown_3(to)) {
 		pdb_set_unknown_3(to, from->unknown_3, PDB_CHANGED);
 	}
@@ -208,12 +208,17 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from)
 /* Fix me: only update if it changes --metze */
 	pdb_set_hours(to, from->logon_hrs.hours, PDB_CHANGED);
 
-	DEBUG(10,("INFO_21 UNKOWN_5: %08X -> %08X\n",pdb_get_unknown_5(to),from->unknown_5));
-	if (from->unknown_5 != pdb_get_unknown_5(to)) {
-		pdb_set_unknown_5(to, from->unknown_5, PDB_CHANGED);
+	DEBUG(10,("INFO_21 BAD_PASSWORD_COUNT: %08X -> %08X\n",pdb_get_bad_password_count(to),from->bad_password_count));
+	if (from->bad_password_count != pdb_get_bad_password_count(to)) {
+		pdb_set_bad_password_count(to, from->bad_password_count, PDB_CHANGED);
 	}
 
-	DEBUG(10,("INFO_21 UNKOWN_6: %08X -> %08X\n",pdb_get_unknown_6(to),from->unknown_6));
+	DEBUG(10,("INFO_21 LOGON_COUNT: %08X -> %08X\n",pdb_get_logon_count(to),from->logon_count));
+	if (from->logon_count != pdb_get_logon_count(to)) {
+		pdb_set_logon_count(to, from->logon_count, PDB_CHANGED);
+	}
+
+	DEBUG(10,("INFO_21 UNKNOWN_6: %08X -> %08X\n",pdb_get_unknown_6(to),from->unknown_6));
 	if (from->unknown_6 != pdb_get_unknown_6(to)) {
 		pdb_set_unknown_6(to, from->unknown_6, PDB_CHANGED);
 	}
@@ -413,9 +418,14 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_23 *from)
 /* Fix me: only update if it changes --metze */
 	pdb_set_hours(to, from->logon_hrs.hours, PDB_CHANGED);
 
-	DEBUG(10,("INFO_23 UNKOWN_5: %08X -> %08X\n",pdb_get_unknown_5(to),from->unknown_5));
-	if (from->unknown_5 != pdb_get_unknown_5(to)) {
-		pdb_set_unknown_5(to, from->unknown_5, PDB_CHANGED);
+	DEBUG(10,("INFO_23 BAD_PASSWORD_COUNT: %08X -> %08X\n",pdb_get_bad_password_count(to),from->bad_password_count));
+	if (from->bad_password_count != pdb_get_bad_password_count(to)) {
+		pdb_set_bad_password_count(to, from->bad_password_count, PDB_CHANGED);
+	}
+
+	DEBUG(10,("INFO_23 LOGON_COUNT: %08X -> %08X\n",pdb_get_logon_count(to),from->logon_count));
+	if (from->logon_count != pdb_get_logon_count(to)) {
+		pdb_set_logon_count(to, from->logon_count, PDB_CHANGED);
 	}
 
 	DEBUG(10,("INFO_23 UNKOWN_6: %08X -> %08X\n",pdb_get_unknown_6(to),from->unknown_6));
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index 722d66621a..34c6fc35ab 100644
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -85,7 +85,8 @@ static void display_sam_user_info_21(SAM_USER_INFO_21 *usr)
 	
 	printf("\tunknown_3:\t0x%08x\n", usr->unknown_3); /* 0x00ff ffff */
 	printf("\tlogon_divs:\t%d\n", usr->logon_divs); /* 0x0000 00a8 which is 168 which is num hrs in a week */
-	printf("\tunknown_5:\t0x%08x\n", usr->unknown_5); /* 0x0002 0000 */
+	printf("\tbad_password_count:\t0x%08x\n", usr->bad_password_count);
+	printf("\tlogon_count:\t0x%08x\n", usr->logon_count);
 	
 	printf("\tpadding1[0..7]...\n");