On Fri, 2 Aug 2024 11:50:00 +0200
Daniel Jordan via samba <samba at lists.samba.org> wrote:
> Hey list,
>
> i've stumbled upon a very strange behaviour.
>
> I change the user password on the pdc with "samba-tool user
> setpassword ..."
How do you use samba-tool with a PDC ?
Hang on, I think you mean the AD DC with FSMO roles, a PDC is something
else entirely.
>two times in a row, without login in or out
> anywhere, to make sure the password
> is only stored on the dcs.
> After doin so i am able to login into our webmail interface, which
> authentificates for
> testing only against the pdc, with both passwords for about 45 - 60
> minutes. After
> that time the login is only possible with the last password set.
>
> Is there any password caching mechanism in Samba which i am not aware
> off? And if
> so, is it possible to shorten the time or even disable it at all?
>
> Thanks in advance
>
> Daniel
>
Nothing you can do to stop this (except for using kerberos), it is a
feature of AD, for approx 60 minutes both passwords are valid.
Rowland