Prev: samba printing from 64-bit windows server 2008
Next: [Samba] Win7 enum missing in samba 3.5.3
From: Matthew Delves on 8 Jun 2010 20:20
I'm currently using an implementation of pam_winbind to authenticate users on linux servers via Active Directory. This works as expected apart from an issue whereby after changing a password, a user can login with both their old and their new password.

Having done a bit of investigation, it appears that this is a 'feature' from Microsoft as described in http://support.microsoft.com/kb/906305/en-us and http://community.ca.com/blogs/securityadvisor/archive/2007/12/11/microsoft-ntlm-authentication-behavior-allows-using-of-old-passwords.aspx

The systems that currently use pam_winbind are a combination of RHEL 4/5 and SLES 10/11 servers with the samba packages that are released with the distro.

If anyone is aware of a way to address the issue without having to modify anything on the windows domain controller, it would be greatly appreciated.

Thanks,
Matt Delves
--

---------------------------------------------
Matthew Delves
System Administrator
Information Systems
Networks & Infrastructure
University of Ballarat
ph: 03 5327 9732
email: m.delves(a)ballarat.edu.au


--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
 | 
Pages: 1
Prev: samba printing from 64-bit windows server 2008
Next: [Samba] Win7 enum missing in samba 3.5.3