[Samba] 'check password script' and Join...

Marco Gaiarin gaio at sv.lnf.it
Wed Oct 25 14:21:03 UTC 2017

Mandi! Andrew Bartlett via samba
  In chel di` si favelave...

> Thanks for asking for clarification, I hope this puts you at ease.

Sure! Thanks to you!

Only a bit more:

> > PS: and domain members? How they enforce passwords policies? Directly
> >   on AD DC, i suppose... but i'll ask. ;-)

> They don't ask the DC for the choice of local user passwords as far as
> I'm aware.  There is an API to check if a password is OK (SAMR
> ValidatePassword), but I've not seen it called for that, but I've also
> not really been looking. 

No, i was not clear. I don't mean ''password quality'', but ''password

In NT/LDAP/smbldap-tools mode, i used to populate shadow account LDAP
data, ''copying'' expiration date from Samba/Windows ones, so i've
addedd NSS 'shadow' ldap context and the POSIX layer are aware of
password expiration.

I supposed now that password are checked against DC in a
''black/white'' way, eg if i try to authenticate i gat something like:
 a) good
 b) bad password
 c) password expired, please change
 d) account disabled


No one have tried to add 'shadow' context in winbind? I'm simply
curious... ;-)

Again, thanks.

dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

More information about the samba mailing list