[Samba] 'check password script' timeout, diferences between AD and NT mode?
Rowland penny
rpenny at samba.org
Tue Jan 7 12:06:02 UTC 2020
On 07/01/2020 11:35, Marco Gaiarin via samba wrote:
> Here we use a (custom-made, internal) password propagation system,
> hooked around 'check password script'.
>
> Recently we suffer a network outgage (another one ;-), and the system
> that take care of password propagation goes offline.
>
> + NT domains continue to work, clearly password not propagate
>
> + AD domain stop to work (eg, users password change on windows stop to
> work), because the script timeout.
>
> Note that 'check password script = ' run a bash script that 'wrap' the
> real password propagation system, and that return anyway '0'. The
> script don't fail, timeout.
> I've run by hand the real password propagation system, and effectively
> timeout (90 seconds circa) connecting to the server.
>
>
> So seems that on AD a timeout get added to 'check password script' and
> if timeout expires, password change get refused.
> Seems also that this behaviour was not present in NT mode.
>
>
> There's something i can do on samba side? Thanks.
>
Yes, do it the right way ;-)
Can you read French ?
See here:
https://dev.tranquil.it/wiki/SAMBA_-_Synchronisation_des_mots_de_passe_entre_un_Samba4_et_une_OpenLDAP
Rowland
More information about the samba
mailing list