2014-09-19 13:31 GMT+02:00 Robert Ludvik <[email protected]>: > Hi. > Thanks for a quick reply and sorry for confusion about pwd history - this > is another issue. > To achieve pwd history in the Samba world, I had to set up this with > pdbedit on our PDC: > # pdbedit -P "password history" -C 5 > # pdbedit -P "password history" > account policy "password history" description: Length of Password History > Entries (default: 0 => off) > account policy "password history" value is: 5 > > And changing a password via Windows Ctrl-Alt-Del takes this into account: > http://snag.gy/GXp7I.jpg > > If I enable pwd history on LDAP server and set it to 5, I can still change > password via LTB to the previous one. Like it doesn't take this setting > into account. > >
Clearly, because you configure password history with samba administration tools. It only affects samba passwords, not LDAP password (userPassword). > > Our AD is actually PDC (Samba with LDAP backend). > userPassword and sambaNTPassword attributes are changed, when I change > password (either via Windows or LTB). > > Is there a way to get more verbose error report from LDAP? ($errno = > ldap_errno($ldap);) > > The best is to watch logs on server side. You can also activate debug mode on SSP.
_______________________________________________ ltb-users mailing list [email protected] http://lists.ltb-project.org/listinfo/ltb-users
