Encrypted Passwords & Restricting Logon Attempts
Jim Morris
Jim at Morris-World.com
Wed Nov 27 16:17:00 GMT 2002
On Wednesday, November 27, 2002, at 09:12 AM, Steve Langasek wrote:
> With Win95/98 it might not be such an issue. If you have any member
> servers in your domain, it IS an issue, because the only way to get
> recent versions of Windows to negotiate plaintext auth is for the
> server
> to say it does NOT support encrypted passwords, and a server that
> doesn't
> support encrypted passwords cannot be a DC.
Well, as migration to Windows 2000 Professional on the desktop is
gradually taking place, it becomes an issue if the Samba server cannot
be a domain controller.... I believe there may also be at least one
Windows NT Server that is a domain member server as well.....
Well, it sounds to me then that the only way to support this is to add
the support to Samba itself, via a new smb.conf option such as 'max
failed login attempts = n' for example. And then either use the
/var/log/faillog that is used by pam_tally, for compatibility with the
system authentication, or store the number of failed Samba logon
attempts independantly, in a field of smbpasswd, or elsewhere.
--
Jim Morris (Jim at Morris-World.com)
More information about the samba-technical
mailing list