[Samba] 'check password script' timeout, diferences between AD and NT mode?

Marco Gaiarin gaio at sv.lnf.it
Tue Jan 7 11:35:52 UTC 2020

Here we use a (custom-made, internal) password propagation system,
hooked around 'check password script'.

Recently we suffer a network outgage (another one ;-), and the system
that take care of password propagation goes offline.

 + NT domains continue to work, clearly password not propagate

 + AD domain stop to work (eg, users password change on windows stop to
   work), because the script timeout.

Note that 'check password script = ' run a bash script that 'wrap' the
real password propagation system, and that return anyway '0'. The
script don't fail, timeout.
I've run by hand the real password propagation system, and effectively
timeout (90 seconds circa) connecting to the server.

So seems that on AD a timeout get added to 'check password script' and
if timeout expires, password change get refused.
Seems also that this behaviour was not present in NT mode.

There's something i can do on samba side? Thanks.

dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

More information about the samba mailing list