pdb interface
Jeremy Allison
jra at samba.org
Thu Dec 9 20:15:56 GMT 2004
On Thu, Dec 09, 2004 at 12:55:33PM -0700, Vince Brimhall wrote:
> I've been working on making modifications to the ldap passdb backend to
> provide an increased level of integration with Novell Directory
> Services (NDS).
>
> I'mlooking for a way to have NDS updated for login success/failure for
> Samba
> logins. I've been unable to figure out how to accomplish this with the
> existing
> passdb interface and would like to propose adding a function to the
> interface
> that would allow passdb backends to act on the result of Samba's
> authentication.
>
> Could you comment on the possiblity of adding the following function or
> something
> similar to the interface?
>
> NTSTATUS (*pdb_update_login_attempts)(struct pdb_context *context,
> SAM_ACCOUNT *sam_acct, BOOL success);
>
> Of course if I've missed a way that it can be done with the existing
> code I'd be
> grateful for that information as well.
Can you explain what attributes in the SAM_ACCOUNT struct you need
to set here ? We do call pdb_increment_bad_password_count() on logon
failure and pdb_set_bad_password_count(sampass, 0, PDB_CHANGED); on
success already - this changes the bad_password_count attribute in
the sampass->private struct which should be seen by the backends.
We only do this when we are authoritative for the user (in the auth_sam.c
code) and not when this is a user from an AD domain.
What extra do you need to do ?
Jeremy.
More information about the samba-technical
mailing list