[Samba] Enabling account lockouts
Jeremy Allison
jra at samba.org
Sat Jul 17 00:33:55 GMT 2004
On Wed, Jul 14, 2004 at 08:41:19AM -0400, Dunn, Drew A. wrote:
> I'm running Samba 3.0.4 (using a tdb backend) as the PDC for several windows
> 2000 clients. I would like to enable an account lockout policy. I set the
> number of bad password attempts using pdbedit by issuing,
>
> # pdbedit -P "bad lockout attempt" -C 3
>
> and recieved confirmation that this was correct. I then tried to enable
> locking by issuing
>
> # pdbedit -u username -c "[L]"
>
> However pdbedit -Lv does not show any change to the account flags. I have
> been able to set other flags like "Password does not expire", "account
> disabled", etc. When setting these I receive confirmation that the flag has
> been set but go not receive any confirmation when trying to set the lockout.
>
> Any suggestions? Is there something else I need to turn on for this to
> work?
No, this is a bug in that pdbedit when printing out a user account
info checks the current time and turns off/on the locked out flag L
based on if the account has timed out. pdbedit shouldn't be doing
that when printing an account - only when modifying. I'll fix it.
Thanks for the report.
Jeremy.
More information about the samba
mailing list