(CC'ing back on list)
Gianluca Culot wrote:
> When the users change their passwords on the AD domain server
> it takes one hour before winbind starts refusing the old
> password (as it is in cache, I suppose)
Nope. This is a Windows DC bug.
https://bugzilla.samba.org/show_bug.cgi?id=2874
Unless you have enabled "winbind offline logons = yes",
passwords are never cached in Winbind.
> and failing authentication, forcing the user to enter
> the new password (for example in email client)
>
> So I was thinking about lowering cache timeout... But I'm
> not happy about this.
Try setting "krb5_auth = yes" in /etc/security/pam_winbind.conf
(assuming you are running a recent version of Winbind).
cheers, jerry
=====================================================================
Samba    ------- http://www.samba.org
Centeris ------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian