[Samba] user login passwords are mixed up
Rowland penny
rpenny at samba.org
Sun Feb 21 12:00:07 UTC 2016
On 20/02/16 22:05, oeh univie edv lists wrote:
> Hello,
>
> In what samba version is parameter "old password allowed period"
> introduced?
>
> This parameter seems be the remedy to my problem but I cannot find it with
> "testparm -v | grep password"
> or in my
> "man smb.conf"
>
> Does it even exist in 4.1.17 (just the regular debian package)?
I think it came in with the implementation of bad password lockout in
4.2.0, so I don't think you will have it on 4.1.17. Easiest way to get
it would be to upgrade to the Sernet 4.2.x packages, or wait until
Debian possibly backports 4.3.3 from sid.
>
> In this document it says it is for samba version 4:
> https://www.mankier.com/5/smb.conf
>
> I found this where the parameter is introduced:
> https://jelmer.uk/klaus/samba/commit/9d5f4cabf3f491fd1c22dbc1daaad8a657d12914/
>
> Is there an easy solution to use this paramter in 4.1.17?
>
> I set "Enforce Password History" to value "0" in the GPO. Login with
> the previous old password is no longer possible BUT I cannot change
> the new password to any old passwords. That should be possible with no
> history, shouldn't it? I tried it several times. Somehow the password
> history still works regarding that. But why? I moved gencache.tdb in
> /var/cache/samba to oldgenchache.tdb but still the same behaviour... I
> restarted samba... Why does the password history still work? Where
> does Samba store the password history?
Good question, not sure where it is stored, anybody know ?
>
> This behaviour is perfect for what I want, but there is no logic in
> it. There must be some lack of understanding here...
>
> And for what reasons should one want a 60 minutes permit on NTLM login
> after a password change anyway?
Again I don't know, I suggest you take it up with microsoft, Samba is
just being compatible with windows here.
Rowland
More information about the samba
mailing list