--- /dev/null
+<samba:parameter name="old password allowed period"
+ context="G"
+ advanced="1"
+ type="integer"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>Number of minutes to permit an NTLM login after a password change or reset using the old password. This allows the user to re-cache the new password on multiple clients without disrupting a network reconnection in the meantime. </para>
+
+ <para>This parameter only applies when <smbconfoption name="server role"/> is set to Active Directory Domain Controller</para>
+</description>
+
+<value type="default">60</value>
+</samba:parameter>
lpcfg_do_global_parameter(lp_ctx, "ReadRaw", "True");
lpcfg_do_global_parameter(lp_ctx, "WriteRaw", "True");
lpcfg_do_global_parameter(lp_ctx, "NullPasswords", "False");
+ lpcfg_do_global_parameter(lp_ctx, "old password allowed period", "60");
lpcfg_do_global_parameter(lp_ctx, "ObeyPamRestrictions", "False");
lpcfg_do_global_parameter(lp_ctx, "TimeServer", "False");
.enum_list = NULL,
.flags = FLAG_ADVANCED | FLAG_DEPRECATED,
},
+ {
+ .label = "old password allowed period",
+ .type = P_INTEGER,
+ .p_class = P_GLOBAL,
+ .offset = GLOBAL_VAR(old_password_allowed_period),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED,
+ },
{
.label = "obey pam restrictions",
.type = P_BOOL,
Globals.read_raw = true;
Globals.write_raw = true;
Globals.null_passwords = false;
+ Globals.old_password_allowed_period = 60;
Globals.obey_pam_restrictions = false;
Globals.syslog = 1;
Globals.syslog_only = false;