From c2b094ffbc8ace231ed53175c1c694539e3d2e2c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 6 May 2012 16:41:18 +1000 Subject: s4-s3-upgrade: Max/min password age policy is in seconds, not days This cases upgraded domains to have a too-long password expiry, which in extreme cases can cause the KDC to misfunction. Andrew Bartlett Autobuild-User: Andrew Bartlett Autobuild-Date: Sun May 6 14:49:39 CEST 2012 on sn-devel-104 --- source4/scripting/python/samba/upgrade.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/scripting') diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py index 7d6930681f..7055d0d673 100644 --- a/source4/scripting/python/samba/upgrade.py +++ b/source4/scripting/python/samba/upgrade.py @@ -60,7 +60,7 @@ def import_sam_policy(samdb, policy, logger): ldb.FLAG_MOD_REPLACE, 'pwdHistoryLength') min_pw_age_unix = policy['minimum password age'] - min_pw_age_nt = int(-min_pw_age_unix * (1e7 * 60 * 60 * 24)) + min_pw_age_nt = int(-min_pw_age_unix * (1e7)) m['a03'] = ldb.MessageElement(str(min_pw_age_nt), ldb.FLAG_MOD_REPLACE, 'minPwdAge') @@ -68,7 +68,7 @@ def import_sam_policy(samdb, policy, logger): if max_pw_age_unix == -1 or max_pw_age_unix == 0: max_pw_age_nt = -0x8000000000000000 else: - max_pw_age_nt = int(-max_pw_age_unix * (1e7 * 60 * 60 * 24)) + max_pw_age_nt = int(-max_pw_age_unix * (1e7)) m['a04'] = ldb.MessageElement(str(max_pw_age_nt), ldb.FLAG_MOD_REPLACE, 'maxPwdAge') -- cgit