Weird how bad password count works
Wong Onn Chee
ocwong at usa.net
Sat Jul 31 14:12:30 GMT 2004
I have just installed Samba 3.0.5 and OpenLDAP 2.2.13 as the account
The bad password attempt works with a strange behaviour.
When I set the bad lockout attempt to 3, no matter how many times I
log in wrongly, the count remained at 0 and the time remained at 0.
However, when I set the bad lockout attempt to 1, after 1 wrong login,
the count became 1 and the time was updated.
Then I investigated some more.
I re-enabled the account hence clearing the count and time.
Next, I switched back to 3 bad lockout attempt and test using wrong
The count remained at 0 and the time remained at 0 (which is what I
Now, the strange thing follows.
I entered into the LDAP database and edited the count to become 2 and
inserted a valid value for the time.
So now, using pdbedit, it shows me that the test account has 2 bad
I log in wrongly again on purpose and, voila, the count increased to 3
and my test account was locked.
This led to my conclusion that there seems to be a bug in how this
The count is only incremented when it is just 1 count below the bad
lockout attempt value. This should not be the way it works.
Will greatly appreciate it if the Samba team can throw some light on this.