Matthew Delves
2010-Jun-09 00:17 UTC
[Samba] issues with pam_winbind and ability to use old windows password
I'm currently using an implementation of pam_winbind to authenticate users on linux servers via Active Directory. This works as expected apart from an issue whereby after changing a password, a user can login with both their old and their new password. Having done a bit of investigation, it appears that this is a 'feature' from Microsoft as described in http://support.microsoft.com/kb/906305/en-us and http://community.ca.com/blogs/securityadvisor/archive/2007/12/11/microsoft-ntlm-authentication-behavior-allows-using-of-old-passwords.aspx The systems that currently use pam_winbind are a combination of RHEL 4/5 and SLES 10/11 servers with the samba packages that are released with the distro. If anyone is aware of a way to address the issue without having to modify anything on the windows domain controller, it would be greatly appreciated. Thanks, Matt Delves -- --------------------------------------------- Matthew Delves System Administrator Information Systems Networks & Infrastructure University of Ballarat ph: 03 5327 9732 email: m.delves at ballarat.edu.au
Apparently Analagous Threads
- pam_winbind and krb5_auth
- authenticating new nodes that are created by provisioning
- puppet performance and inability to retrieve file metadata
- Winbind problem related with old libnss_winbind.so and pam_winbind.so version.
- Samba and "running old wbinfo, pam_winbind or libnss_winbind clients"