R: R: [Samba] howwinbind cache time works
Gerald (Jerry) Carter
jerry at samba.org
Fri Sep 14 15:57:53 GMT 2007
-----BEGIN PGP SIGNED MESSAGE-----
(CC'ing back on list)
Gianluca Culot wrote:
> When the users change their passwords on the AD domain server
> it takes one hour before winbind starts refusing the old
> password (as it is in cache, I suppose)
Nope. This is a Windows DC bug.
Unless you have enabled "winbind offline logons = yes",
passwords are never cached in Winbind.
> and failing authentication, forcing the user to enter
> the new password (for example in email client)
> So I was thinking about lowering cache timeout... But I'm
> not happy about this.
Try setting "krb5_auth = yes" in /etc/security/pam_winbind.conf
(assuming you are running a recent version of Winbind).
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v220.127.116.11 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the samba