[Samba] Password caching issue

Rowland Penny rpenny at samba.org
Fri Aug 2 10:12:11 UTC 2024


On Fri, 2 Aug 2024 11:50:00 +0200
Daniel Jordan via samba <samba at lists.samba.org> wrote:

> Hey list,
> 
> I've stumbled upon a very strange behaviour.
> 
> I change the user password on the pdc with "samba-tool user
> setpassword ..." 

How do you use samba-tool with a PDC?
Hang on, I think you mean the AD DC with FSMO roles, a PDC is something
else entirely.
 
> two times in a row, without logging in or out anywhere, to make sure
> the password is only stored on the dcs.
> After doing so I am able to log in to our webmail interface, which
> authenticates for testing only against the pdc, with both passwords
> for about 45 - 60 minutes. After that time the login is only possible
> with the last password set.
> 
> Is there any password caching mechanism in Samba which I am not aware
> of? And if so, is it possible to shorten the time or even disable it
> at all?
> 
> Thanks in advance
> 
> Daniel
> 

Nothing you can do to stop this (except for using Kerberos); it is a
feature of AD: for approx. 60 minutes both passwords are valid.

Rowland


