search for: 906305

...ctive Directory. This works as expected apart from an issue whereby after changing a password, a user can login with both their old and their new password. Having done a bit of investigation, it appears that this is a 'feature' from Microsoft as described in http://support.microsoft.com/kb/906305/en-us and http://community.ca.com/blogs/securityadvisor/archive/2007/12/11/microsoft-ntlm-authentication-behavior-allows-using-of-old-passwords.aspx The systems that currently use pam_winbind are a combination of RHEL 4/5 and SLES 10/11 servers with the samba packages that are released with the d...

...octitle_init() or link against libbsd-ctor. > > > > If a password is changed but the old password still works on *some* windows machines, then this is very probably not a Samba problem, it could in fact be a windows 'feature', see here: https://support.microsoft.com/en-us/kb/906305 Rowland

Hello, Some users in my domain report that they have to use different (old) passwords on different computers. They say that they still have to use their "old" passwords after they changed it. My domain setup is that users are asked to automatically change their password on Windows 7 Enterprise after some months. So they have to do that. Otherwise they cannot login. But why is it, that

...n a per-DC basis). That is, incorrect password attempts are tracked, and accounts locked out if too many bad passwords are submitted. There is also a grace period of 60 minutes on the previous password when used for NTLM authentication (matching Windows 2003 SP1: https://support2.microsoft.com/kb/906305). The relevant settings can be seen using 'samba-tool domain passwordsettings show' (the new settings being highlighted): Password informations for domain 'DC=samba,DC=example,DC=com' Password complexity: on Store plaintext passwords: off Password history length: 24 Minimum passw...

...n a per-DC basis). That is, incorrect password attempts are tracked, and accounts locked out if too many bad passwords are submitted. There is also a grace period of 60 minutes on the previous password when used for NTLM authentication (matching Windows 2003 SP1: https://support2.microsoft.com/kb/906305). The relevant settings can be seen using 'samba-tool domain passwordsettings show' (the new settings being highlighted): Password informations for domain 'DC=samba,DC=example,DC=com' Password complexity: on Store plaintext passwords: off Password history length: 24 Minimum passw...

...or. >> >> >> >> > >If a password is changed but the old password still works on *some* >windows machines, then this is very probably not a Samba problem, it >could in fact be a windows 'feature', see here: > >https://support.microsoft.com/en-us/kb/906305 > >Rowland > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba thank you! I found "Enforce Password History" in the GPO. It is set to 24 per default, so that the password has to be cha...

...n a per-DC basis). That is, incorrect password attempts are tracked, and accounts locked out if too many bad passwords are submitted. There is also a grace period of 60 minutes on the previous password when used for NTLM authentication (matching Windows 2003 SP1: https://support2.microsoft.com/kb/906305). The relevant settings can be seen using 'samba-tool domain passwordsettings show' (the new settings being highlighted): Password informations for domain 'DC=samba,DC=example,DC=com' Password complexity: on Store plaintext passwords: off Password history length: 24 Minimum passw...

...n a per-DC basis). That is, incorrect password attempts are tracked, and accounts locked out if too many bad passwords are submitted. There is also a grace period of 60 minutes on the previous password when used for NTLM authentication (matching Windows 2003 SP1: https://support2.microsoft.com/kb/906305). The relevant settings can be seen using 'samba-tool domain passwordsettings show' (the new settings being highlighted): Password informations for domain 'DC=samba,DC=example,DC=com' Password complexity: on Store plaintext passwords: off Password history length: 24 Minimum passw...

...n a per-DC basis). That is, incorrect password attempts are tracked, and accounts locked out if too many bad passwords are submitted. There is also a grace period of 60 minutes on the previous password when used for NTLM authentication (matching Windows 2003 SP1: https://support2.microsoft.com/kb/906305). The relevant settings can be seen using 'samba-tool domain passwordsettings show' (the new settings being highlighted): Password informations for domain 'DC=samba,DC=example,DC=com' Password complexity: on Store plaintext passwords: off Password history length: 24 Minimum passw...

...n a per-DC basis). That is, incorrect password attempts are tracked, and accounts locked out if too many bad passwords are submitted. There is also a grace period of 60 minutes on the previous password when used for NTLM authentication (matching Windows 2003 SP1: https://support2.microsoft.com/kb/906305). The relevant settings can be seen using 'samba-tool domain passwordsettings show' (the new settings being highlighted): Password informations for domain 'DC=samba,DC=example,DC=com' Password complexity: on Store plaintext passwords: off Password history length: 24 Minimum passw...

...n a per-DC basis). That is, incorrect password attempts are tracked, and accounts locked out if too many bad passwords are submitted. There is also a grace period of 60 minutes on the previous password when used for NTLM authentication (matching Windows 2003 SP1: https://support2.microsoft.com/kb/906305). The relevant settings can be seen using 'samba-tool domain passwordsettings show' (the new settings being highlighted): Password informations for domain 'DC=samba,DC=example,DC=com' Password complexity: on Store plaintext passwords: off Password history length: 24 Minimum passw...

...n a per-DC basis). That is, incorrect password attempts are tracked, and accounts locked out if too many bad passwords are submitted. There is also a grace period of 60 minutes on the previous password when used for NTLM authentication (matching Windows 2003 SP1: https://support2.microsoft.com/kb/906305). The relevant settings can be seen using 'samba-tool domain passwordsettings show' (the new settings being highlighted): Password informations for domain 'DC=samba,DC=example,DC=com' Password complexity: on Store plaintext passwords: off Password history length: 24 Minimum passw...

...n a per-DC basis). That is, incorrect password attempts are tracked, and accounts locked out if too many bad passwords are submitted. There is also a grace period of 60 minutes on the previous password when used for NTLM authentication (matching Windows 2003 SP1: https://support2.microsoft.com/kb/906305). The relevant settings can be seen using 'samba-tool domain passwordsettings show' (the new settings being highlighted): Password informations for domain 'DC=samba,DC=example,DC=com' Password complexity: on Store plaintext passwords: off Password history length: 24 Minimum passw...

...n a per-DC basis). That is, incorrect password attempts are tracked, and accounts locked out if too many bad passwords are submitted. There is also a grace period of 60 minutes on the previous password when used for NTLM authentication (matching Windows 2003 SP1: https://support2.microsoft.com/kb/906305). The relevant settings can be seen using 'samba-tool domain passwordsettings show' (the new settings being highlighted): Password informations for domain 'DC=samba,DC=example,DC=com' Password complexity: on Store plaintext passwords: off Password history length: 24 Minimum passw...