[Samba] Old samba password is valid after setting the new one.

Rowland penny rpenny at samba.org
Fri Oct 25 20:54:31 UTC 2019


On 25/10/2019 21:39, Dipl.-Ing. Péter Varkoly via samba wrote:
> Hi,
>
> I've detected a very strange behavior on samba 4.8.9 and 4.10.6.
> After setting a new password for a user with samba-tool the old
> password remains valid. The user can use both passwords.
> After setting the third password become the first password invalid:
>
> :~ # samba-tool user setpassword extisadm --newpassword=12AbCdEf
> Changed password OK
> :~ # samba-tool user setpassword extisadm --newpassword=12AbCdEG
> Changed password OK
> :~ # smbclient -L admin -U extisadm%12AbCdEf
>
>          Sharename       Type      Comment
>          ---------       ----      -------
>          sysvol          Disk
>          groups          Disk      Shared directories of groups .....
>          users           Disk      All users
>          all             Disk      Folder for all
>          alladmins       Disk      Folder for administration personal
>          software        Disk      Folder for software
> :~ # samba-tool user setpassword extisadm --newpassword=12AbCdEC
> :~ # smbclient -L admin -U extisadm%12AbCdEf
> session setup failed: NT_STATUS_LOGON_FAILURE
>
> Is it a bug or a feature?
>
I think this a feature, a Windows feature ;-)

Try changing the password and then wait an hour or so and then try the 
old password, it shouldn't work.

Rowland





More information about the samba mailing list