Anantha Raghava
2023-Dec-26 08:58 UTC
[Samba] Users can login current and one previous password
Hi, We are running Samba-AD version 4.18.1 and are observing a peculiar behaviour. Our environment contains 5 AD Domain Controllers. Users are able to login to AD domain with "Current" and one "Previous" password. That is, if I change my password now, I can login to my PC using my new password as well as previous password. We have not set any password policies under GPO. samba-tool drs showrepl does not report any error either. Even rsync for policy sync is working properly without any errors. There are no specific errors even in logs. How do we identify and fix the issue here? Your timely guidance is highly appreciated. -- Thanks & Regards, Anantha Raghava
Rowland Penny
2023-Dec-26 09:26 UTC
[Samba] Users can login current and one previous password
On Tue, 26 Dec 2023 14:28:00 +0530 Anantha Raghava via samba <samba at lists.samba.org> wrote:> Hi, > > We are running Samba-AD version 4.18.1 and are observing a peculiar > behaviour. > > Our environment contains 5 AD Domain Controllers. Users are able to > login to AD domain with "Current" and one "Previous" password. That > is, if I change my password now, I can login to my PC using my new > password as well as previous password. >This is an AD thing, wait an hour or so and the old password will no longer work. That fast enough ? Rowland