[Samba] Password caching issue

Daniel Jordan d.jordan at gfd.de
Mon Aug 5 11:37:23 UTC 2024


Thanks for the fast reply Rowland, that cleared things up.

And yes, i meant a AD DC with FSMO roles, no intention to cause confusion
on that point.


Best regards
Daniel



Am 02.08.2024 um 12:12 schrieb Rowland Penny via samba:
> On Fri, 2 Aug 2024 11:50:00 +0200
> Daniel Jordan via samba <samba at lists.samba.org> wrote:
>
>> Hey list,
>>
>> i've stumbled upon a very strange behaviour.
>>
>> I change the user password on the pdc with "samba-tool user
>> setpassword ..."
> How do you use samba-tool with a PDC ?
> Hang on, I think you mean the AD DC with FSMO roles, a PDC is something
> else entirely.
>   
>> two times in a row, without login in or out
>> anywhere, to make sure the password
>> is only stored on the dcs.
>> After doin so i am able to login into our webmail interface, which
>> authentificates for
>> testing only against the pdc, with both passwords for about 45 - 60
>> minutes. After
>> that time the login is only possible with the last password set.
>>
>> Is there any password caching mechanism in Samba which i am not aware
>> off? And if
>> so, is it possible to shorten the time or even disable it at all?
>>
>> Thanks in advance
>>
>> Daniel
>>
> Nothing you can do to stop this (except for using kerberos), it is a
> feature of AD, for approx 60 minutes both passwords are valid.
>
> Rowland
>




More information about the samba mailing list