[Samba] 'check password script' timeout, diferences between AD and NT mode?

Marco Gaiarin gaio at sv.lnf.it
Thu Jan 9 10:33:29 UTC 2020

Mandi! Andrew Bartlett via samba
  In chel di` si favelave...

> We have to have a pretty strict timeout on this otherwise the DB could
> be transaction locked forever, as the script in the AD case runs while
> the LDB transaction lock is taken.

Ok, good. Thanks for the answer!
But, just we are here, you can say me how the timeout is set in samba?
Or point to the code snippet to read from? ;-)
I think also could be added to the manpage...

I can run the command in my script within 'coreutils' timeout, using,
eg, half of the samba timeout.

> Ideally use the samba-tool user syncpasswords system to take this
> outside the transaction lock, and allow recovery after the other server
> is back.
> We really don't want the 'check password script' used for password
> sync, which is why we built better alternatives.  

As stated to rowland, i'm using that.

Only, i need to add some more strictier password checks, and so i use 'check password
script' to verify that password comply to the spec, because 'samba-tool user
syncpasswords' is a post-change tool, and so i could lead to a
'incompatible password' to be propagated.


dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

More information about the samba mailing list