[Samba] 'check password script' timeout, diferences between AD and NT mode?

Rowland penny rpenny at samba.org
Tue Jan 7 12:06:02 UTC 2020

On 07/01/2020 11:35, Marco Gaiarin via samba wrote:
> Here we use a (custom-made, internal) password propagation system,
> hooked around 'check password script'.
> Recently we suffer a network outgage (another one ;-), and the system
> that take care of password propagation goes offline.
>   + NT domains continue to work, clearly password not propagate
>   + AD domain stop to work (eg, users password change on windows stop to
>     work), because the script timeout.
> Note that 'check password script = ' run a bash script that 'wrap' the
> real password propagation system, and that return anyway '0'. The
> script don't fail, timeout.
> I've run by hand the real password propagation system, and effectively
> timeout (90 seconds circa) connecting to the server.
> So seems that on AD a timeout get added to 'check password script' and
> if timeout expires, password change get refused.
> Seems also that this behaviour was not present in NT mode.
> There's something i can do on samba side? Thanks.
Yes, do it the right way ;-)

Can you read French ?

See here: 


More information about the samba mailing list