[PATCH] Patch to implement AD password lockout in Samba's AD DC

Andrew Bartlett abartlet at samba.org
Mon Feb 10 16:55:51 MST 2014

On Tue, 2014-02-11 at 09:50 +1300, Andrew Bartlett wrote:
> G'Day,
> Attached is a patch set I've been working on for a while, which
> implements domain password lockout support in our AD DC code.  
> As many of you know, there is no support for domain password lockout
> support in our AD DC - we just never got to implementing that bit.  As
> the attached patch shows, it's a bit trickier than just simple a counter
> - because lockouts and bad password attempts have a timeout, but finally
> this is now handled.  
> It does patch our in-tree Heimdal, so we are going to have to coordinate
> with upstream Heimdal and Debian when this gets in, so ensure we don't
> break things there.  It also adds new options to the samba-tool domain
> passwordsettings tool. 
> I'm sorry for not posting it previously, all I can say is that I've been a
> bit swamped, and it slipped off my list.  I know it needs more tests,
> and to pass the tests we already have, but at this point I would prefer
> it out, and folks able to use it (manually patching it onto master),
> than to keep it to myself forever. 
> I wish to thank Univention and my employer Catalyst IT for their support of
> this important work.
> Thoughts and feedback most welcome.  My hope is to somehow get the tests
> written and this in time for 4.2, and some positive feedback would
> really help with that.
> Andrew Bartlett

While I wait for the above to get past moderation, here is the git url:

git://git.samba.org/abartlet/samba.git s4-badPwdCount-01



Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list