[Samba] user login passwords are mixed up
rpenny at samba.org
Sun Feb 21 12:00:07 UTC 2016
On 20/02/16 22:05, oeh univie edv lists wrote:
> In what samba version is parameter "old password allowed period"
> This parameter seems be the remedy to my problem but I cannot find it with
> "testparm -v | grep password"
> or in my
> "man smb.conf"
> Does it even exist in 4.1.17 (just the regular debian package)?
I think it came in with the implementation of bad password lockout in
4.2.0, so I don't think you will have it on 4.1.17. Easiest way to get
it would be to upgrade to the Sernet 4.2.x packages, or wait until
Debian possibly backports 4.3.3 from sid.
> In this document it says it is for samba version 4:
> I found this where the parameter is introduced:
> Is there an easy solution to use this paramter in 4.1.17?
> I set "Enforce Password History" to value "0" in the GPO. Login with
> the previous old password is no longer possible BUT I cannot change
> the new password to any old passwords. That should be possible with no
> history, shouldn't it? I tried it several times. Somehow the password
> history still works regarding that. But why? I moved gencache.tdb in
> /var/cache/samba to oldgenchache.tdb but still the same behaviour... I
> restarted samba... Why does the password history still work? Where
> does Samba store the password history?
Good question, not sure where it is stored, anybody know ?
> This behaviour is perfect for what I want, but there is no logic in
> it. There must be some lack of understanding here...
> And for what reasons should one want a 60 minutes permit on NTLM login
> after a password change anyway?
Again I don't know, I suggest you take it up with microsoft, Samba is
just being compatible with windows here.
More information about the samba