-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 (CC'ing back on list)
Gianluca Culot wrote: > When the users change their passwords on the AD domain server > it takes one hour before winbind starts refusing the old > password (as it is in cache, I suppose) Nope. This is a Windows DC bug. https://bugzilla.samba.org/show_bug.cgi?id=2874 Unless you have enabled "winbind offline logons = yes", passwords are never cached in Winbind. > and failing authentication, forcing the user to enter > the new password (for example in email client) > > So I was thinking about lowering cache timeout... But I'm > not happy about this. Try setting "krb5_auth = yes" in /etc/security/pam_winbind.conf (assuming you are running a recent version of Winbind). cheers, jerry ===================================================================== Samba ------- http://www.samba.org Centeris ----------- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG6q+AIR7qMdg1EfYRAg3mAKDpt5IajIKNUIOWRolCYOCmHCM4mgCdFsgd VQti17imu6oIB011Gr05q7k= =lYxc -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba