[S4] PW Settings being ignored?
Brian C. Huffman
bhuffman at etinternational.com
Fri Nov 26 09:24:58 MST 2010
So, I added some debugging to the code and it appears that for some
reason, even though I've set the history length to 0 in the pwsettings,
it's got a length of "4" from somewhere:
/* checks the NT hash password history */
for (i = 0; i < io->o.nt_history_len; i++) {
ret = memcmp(io->n.nt_hash,
io->o.nt_history[i].hash, 16);
if (ret == 0) {
ret = LDB_ERR_CONSTRAINT_VIOLATION;
ldb_asprintf_errstring(ldb,
"%08X: %s -
check_password_restrictions: "
- "the password was already used
(in history)!",
+ "the password was already used
(in history)! History length: %d",
W_ERROR_V(WERR_PASSWORD_RESTRICTION),
- ldb_strerror(ret));
+ ldb_strerror(ret),
io->o.nt_history_len);
io->ac->status->reject_reason =
SAM_PWD_CHANGE_PWD_IN_HISTORY;
return ret;
}
}
yields:
msg: 0000052D: Constraint violation - check_password_restrictions: the
password was already used (in history)! History length: 4
-b
On 11/26/2010 08:38 AM, Brian C. Huffman wrote:
> All,
>
> Using S4_a13, I have the pwsettings such that password history length
> should be disabled, but I'm still getting history errors when trying
> to change a password on a client (and it's not letting me change the
> password):
>
> [root at eti-sam4 var]# net pwsettings show
> Password informations for domain 'DC=xmen,DC=eti'
>
> Password complexity: off
> Password history length: 0
> Minimum password length: 7
> Minimum password age (days): 0
> Maximum password age (days): 42
>
> [testuser at polaris ~]$ passwd
> Changing password for user testuser.
> Current password:
> New password:
> Re-enter password:
> Password does not meet requirements
>
> [root at eti-sam4 var]# grep Constraint /usr/local/samba/var/samba.log
> msg: 0000052D: Constraint violation - check_password_restrictions: the
> password was already used (in history)!
>
> Any ideas what I'm doing wrong?
>
> Thanks,
> Brian
More information about the samba-technical
mailing list