[Samba] 'check password script' and Join...
Marco Gaiarin
gaio at sv.lnf.it
Wed Oct 25 14:21:03 UTC 2017
Mandi! Andrew Bartlett via samba
In chel di` si favelave...
> Thanks for asking for clarification, I hope this puts you at ease.
Sure! Thanks to you!
Only a bit more:
> > PS: and domain members? How they enforce passwords policies? Directly
> > on AD DC, i suppose... but i'll ask. ;-)
> They don't ask the DC for the choice of local user passwords as far as
> I'm aware. There is an API to check if a password is OK (SAMR
> ValidatePassword), but I've not seen it called for that, but I've also
> not really been looking.
No, i was not clear. I don't mean ''password quality'', but ''password
age''.
In NT/LDAP/smbldap-tools mode, i used to populate shadow account LDAP
data, ''copying'' expiration date from Samba/Windows ones, so i've
addedd NSS 'shadow' ldap context and the POSIX layer are aware of
password expiration.
I supposed now that password are checked against DC in a
''black/white'' way, eg if i try to authenticate i gat something like:
a) good
b) bad password
c) password expired, please change
d) account disabled
Right?
No one have tried to add 'shadow' context in winbind? I'm simply
curious... ;-)
Again, thanks.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà , 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
More information about the samba
mailing list