[Samba] Samba 3.0.24 + LDAP - User Lockout not working

Axel Werner mail at awerner.homeip.net
Fri Feb 13 09:33:03 GMT 2009


Hi Christian, thanks for the answer.

Is yours an OFFICIAL answer to this problem? I cannot find ANY 
documents telling about not used or not implemented functionality on 
user lockout or those LDAP attributes either. So it's hard to believe 
that those things are "spare" or "unused" even after YEARS.

I found some really old mailing list postings from 2004 with exactly the 
same problem. So it seems this isn't really new stuff.
http://lists.samba.org/archive/samba/2004-July/089429.html

What's going on here?!

Thanks for the help
regards Axel



On 13.02.2009 09:50, Christian Rost wrote:
> Hi,
>
> not all Samba-LDAP attributes that are listed in the Samba3-LDAP-Schema are working yet. IMHO the only source that mentions it clearly is the Samba HOWTO. 
>
> Please refer to "http://de3.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html#id2582136" and search for "LDAP Special Attributes for sambaSamAccounts".
>
> Cheers,
>
> Christian
>
>
>
>
> ===========================================================
> Christian Rost
> roCon - Informationstechnologie
> Glatzer Weg 4
>
> 44534 Lünen
>
> fon: +49 (0) 2306 910 658
> fax: +49 (0) 2306 910 664
> url: http://www.rocon-it.de
>
>
>
> --------Axel Werner <mail at awerner.homeip.net> wrote--------
> Subject: [Samba] Samba 3.0.24 + LDAP - User Lockout not working
> Date: 12.02.2009 16:30
>
>   
>> Hi,
>>
>> I'm trying to set up a password policy with Samba and OpenLDAP. While 
>> lockout works perfectly on OpenLDAP, it looks like it does not work with my 
>> Samba.
>>
>> I've set "sambaLockoutThreshold" to 3 and "sambaLockoutDuration" to -1 
>> (lockout forever) within the Domain-Object in LDAP. So I expect whenever 
>> a Windows user does 3 false logon attempts his Samba account will be 
>> LOCKED forever, until reset by an admin.
>> If I peek at those parameters with "pdbedit -P" it will confirm my 
>> configuration. So it looks fine.
>> I also found the "sambaBadPasswordCount" attribute in every User-Object 
>> in the LDAP tree. Default is 0.
>> Now I do several false login attempts from my Windows XP workstation 
>> (usually 5 attempts) and recheck that "sambaBadPasswordCount" attribute 
>> in that specific user object. STILL showing 0!!
>> BTW: the "admin" object that is configured in smb.conf has all the 
>> permissions to access and write ALL attributes of any object in my DIT.
>>
>> Does anyone know this problem?!? I'm lost!
>>
>> I use Debian 4.0 with the Debian packages for Samba 3.0.24 and OpenLDAP.