[Samba] Account Lockout (Repost)

[Joel Hammer]

I am just an amateur, but, I like writing bash scripts. Maybe you do, too. 

Have you thought about writing a script to do this?

I forget all the ins and outs of logging on, but there is  a log entry
generated when a login fails. You might have a script check this log
and take the appropriate action.

You  can set up individual log files for each user, like this:
log file = /var/log/samba/%U
Individual user log files are very attractive in a lot of ways.

If you start smbd with smbd -d3 you get a fairly small amount of verbiage
(experiment!). You then could have a login script which runs and looks at
this file and decides if the guy has had too many bad logins.  Then,
appropriate action could be taken by the script, like putting that name into
an invalid users file or something.

Just an idea, and I haven't tried any of this out.

Of course, there may be a perfectly easy to use parameter in smb.conf to
use but I couldn't find it.


Joel

On Mon, May 26, 2003 at 09:02:31PM -0400, Mike Carpenter wrote:
> Hi all,
> 
> My boss is still questioning me for an answer.   I've searched thru this
> archive thru the beginning of the year as well as searched thru Google, but
> still haven't found the answer to the this question..
> 
> Is there a way in Samba to automatically disable/lockout an account if the
> user has tried to signon more than a set number incorrectly?
> 
> As an example:  if JDOE tries to sign into the Samba domain using an
> incorrect password 3 times, can Samba disable/lockout this account until
> either reset by an administrator or until a certain time period has
> expired?
> 
> My boss is looking for the same functionality in this arena that Window$ or
> Novell used to give us.
> 
> Thanks
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba