[Samba] 'check password script' timeout, diferences between AD and NT mode?
gaio at sv.lnf.it
Tue Jan 7 11:35:52 UTC 2020
Here we use a (custom-made, internal) password propagation system,
hooked around 'check password script'.
Recently we suffer a network outgage (another one ;-), and the system
that take care of password propagation goes offline.
+ NT domains continue to work, clearly password not propagate
+ AD domain stop to work (eg, users password change on windows stop to
work), because the script timeout.
Note that 'check password script = ' run a bash script that 'wrap' the
real password propagation system, and that return anyway '0'. The
script don't fail, timeout.
I've run by hand the real password propagation system, and effectively
timeout (90 seconds circa) connecting to the server.
So seems that on AD a timeout get added to 'check password script' and
if timeout expires, password change get refused.
Seems also that this behaviour was not present in NT mode.
There's something i can do on samba side? Thanks.
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
More information about the samba