[PATCH] Patch to implement AD password lockout in Samba's AD DC

Andrew Bartlett abartlet at samba.org
Sat Mar 22 04:24:36 MDT 2014


On Fri, 2014-03-21 at 17:16 +0100, Stefan (metze) Metzmacher wrote:
> Hi Andrew,
> 
> >> I've now tested with Windows and Samba and have a patch series at:
> >>
> >> http://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/metze-master4-abartlet2
> > 
> > Updated patches have been pushed!
> > 
> > Hopefully we are getting closer.
> 
> I merged this together with my branch
> and the result can be found at
> 
> https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master4-abartlet2
> 
> Please have a look at
> https://git.samba.org/?p=metze/samba/wip.git;a=commitdiff;h=a4a8098f2dd374c1109742637bf180b15099d243
> and
> https://git.samba.org/?p=metze/samba/wip.git;a=commitdiff;h=c831e273cfe36c5dff68443391f015c58adf1df7
> 
> which I reworked a bit. They require your sign-off to be refreshed.

These look good, and much clearer.   Signed-off-by: Andrew Bartlett
<abartlet at samba.org>

> I need to review and run the tests from
> https://git.samba.org/?p=metze/samba/wip.git;a=commitdiff;h=a5eb6e1028ae679a327835239c16ca2d896ec17c
> again in order to decide about
> https://git.samba.org/?p=metze/samba/wip.git;a=commitdiff;h=56dfed17d70048fefd1b7e10c81103109d6e44c8

I think this is now covered.

> and
> https://git.samba.org/?p=metze/samba/wip.git;a=commitdiff;h=5e41a86f5e0421116b15b2a3f9b937ed241a0e3a

badPwdCount is not reset on a successful LDAP password change.  The
tests of samr code I've just done show that SAMR password changes also
don't change that.  I don't currently have good enough tests for what
happens to the lockoutTime, but to get this far it must not be relevant
(i.e. in the past), and for LDAP the test I've just added to
password_lockout.py shows this patch should be dropped, it doesn't
actually update lockoutTime.

> I've started to look at the tests, but I'm not done yet...

Thanks.

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0003-Revert-dsdb-reset-badPwdCount-and-and-remove-lockout.patch
Type: text/x-patch
Size: 1476 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20140322/86a69058/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-fixup-selftest-Add-test-for-password-lockout.patch
Type: text/x-patch
Size: 2300 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20140322/86a69058/attachment-0001.bin>

