[Samba] Remove old password in Windows

Frank Gruman fgatwork at verizon.net
Tue Nov 4 02:00:24 GMT 2008 

On Tue, 2008-11-04 at 08:07 +0800, Nelson Serafica wrote:
> I have Samba running as File Server. Most workstation uses Windows XP and I
> usually map the samba drive to Windows.
> 
> When I change password, users doesn't prompt to re-enter their password. It
> seems the password was cache on Windows and even though I already change the
> password, since they have previous connection, they have already granted
> access to that directory despite of the new password.
> 
> Is there a way that Windows Users will be force to re-enter their new
> password?
> 
> Also, after changing the password of the user in samba, I restart samba
> service (service smb restart). However, Windows XP users was prompt of
> "Logon failure: unknown user name or bad password". It seems it still using
> the old password but since I have change their password, Windows still using
> the old password.
> 
> I have visited control panel--->user account-->manage my network password
> but didn't see any password save.
> 
> 
> Please advise if their are other people experience the same thing.
> 
> -- 
> Nelson Serafica
> 
> http://nelsontux.blogspot.com

Nelson,

Windows caches your logon credentials after the initial login as a hash
value.  This is a 'feature' of the MS client systems.  You can disable
password caching on the Windows machines for any externally accessed
resources.  I don't believe this affects the current local user session.

To disable password caching for new logins, open regedit and add the
following keys as DWord values: 
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
        \Policies\Network\DisablePwdCaching = 1
        
        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion
        \Policies\Network\DisablePwdCaching = 1
        
These entries does not exist by default - if you have many clients, you
may want to script this into their logon scripts.

Another topic to review that was posted recently:
http://www.mail-archive.com/samba@lists.samba.org/msg96607.html

The issues that making these changes would create is that every user
would be prompted for their username and password on every connection.
This is, perhaps, undesirable.

Regards,
Frank

More information about the samba mailing list