[Samba] Password Filtering

Andrew Bartlett abartlet at samba.org
Wed Apr 13 21:45:25 UTC 2022

On Wed, 2022-04-13 at 17:21 -0400, ralph strebbing wrote:
> On Wed, Apr 13, 2022, 5:17 PM Andrew Bartlett <abartlet at samba.org>
> wrote:
> > On Wed, 2022-04-13 at 12:10 -0400, ralph strebbing via samba wrote:
> > 
> > Remote password changes are intended to be caught by the 'check
> > 
> > password script' and we do have tests for this.  Do you have this 
> > 
> > set identically on all DCs?
> We do. Did we need to push a GPUpdate? Because we didn't do that
> while testing. Also we aren't using a wrapper script as suggested in
> Jonathon's Gitlab repo, so our parameter is defined as:
> check password script = chkastropwd --path=/opt/pwcache
> With Samba-Tool that worked fine, but perhaps we NEED a wrapper
> script for it to work?
> Regards, 
> Ralph

It should work the same, but samba-tool may be running in a very
different environment to 'samba', for example in terms of a PATH.  Turn
up the logging in 'samba' via the smb.conf or (eg) -d10 to debug.
This isn't impacted by group policies and the same settings are
evaluated in both modes, indeed the same code is run (the password_hash
module is invoked in both cases and calls the same helper).

Andrew Bartlett

Andrew Bartlett (he/him)       https://samba.org/~abartlet/Samba Team Member (since 2001) https://samba.orgSamba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba
Samba Development and Support, Catalyst IT - Expert Open SourceSolutions

More information about the samba mailing list