[Samba] Enabling account lockouts

Jeremy Allison jra at samba.org
Sat Jul 17 01:04:16 GMT 2004


On Wed, Jul 14, 2004 at 08:41:19AM -0400, Dunn, Drew A. wrote:
> I'm running Samba 3.0.4 (using a tdb backend) as the PDC for several windows
> 2000 clients.  I would like to enable an account lockout policy.  I set the
> number of bad password attempts using pdbedit by issuing,
> 
> # pdbedit -P "bad lockout attempt" -C 3
> 
> and recieved confirmation that this was correct.  I then tried to enable
> locking by issuing
> 
> # pdbedit -u username -c "[L]"
> 
> However pdbedit -Lv does not show any change to the account flags.  I have
> been able to set other flags like "Password does not expire", "account
> disabled", etc.  When setting these I receive confirmation that the flag has
> been set but go not receive any confirmation when trying to set the lockout.
> 
> Any suggestions?  Is there something else I need to turn on for this to
> work?

Ok, try this patch - should fix the problem (it does here).

Jeremy.
-------------- next part --------------
Index: utils/pdbedit.c
===================================================================
--- utils/pdbedit.c	(revision 1535)
+++ utils/pdbedit.c	(working copy)
@@ -202,7 +202,6 @@
 {
 	SAM_ACCOUNT *sam_pwent=NULL;
 	BOOL ret;
-	BOOL updated_autolock = False, updated_badpw = False;
 
 	if (!NT_STATUS_IS_OK(pdb_init_sam (&sam_pwent))) {
 		return -1;
@@ -216,19 +215,6 @@
 		return -1;
 	}
 
-	if (!pdb_update_autolock_flag(sam_pwent, &updated_autolock))
-		DEBUG(2,("pdb_update_autolock_flag failed.\n"));
-
-	if (!pdb_update_bad_password_count(sam_pwent, &updated_badpw))
-		DEBUG(2,("pdb_update_bad_password_count failed.\n"));
-
-	if (updated_autolock || updated_badpw) {
-		become_root();
-		if(!pdb_update_sam_account(sam_pwent))
-			DEBUG(1, ("Failed to modify entry.\n"));
-		unbecome_root();
-	}
-
 	ret=print_sam_info (sam_pwent, verbosity, smbpwdstyle);
 	pdb_free_sam(&sam_pwent);
 	
@@ -310,6 +296,7 @@
 			  const char *user_sid, const char *group_sid,
 			  const BOOL badpw)
 {
+	BOOL updated_autolock = False, updated_badpw = False;
 	SAM_ACCOUNT *sam_pwent=NULL;
 	BOOL ret;
 	
@@ -322,6 +309,14 @@
 		return -1;
 	}
 	
+	if (!pdb_update_autolock_flag(sam_pwent, &updated_autolock)) {
+		DEBUG(2,("pdb_update_autolock_flag failed.\n"));
+	}
+
+	if (!pdb_update_bad_password_count(sam_pwent, &updated_badpw)) {
+		DEBUG(2,("pdb_update_bad_password_count failed.\n"));
+	}
+
 	if (fullname)
 		pdb_set_fullname(sam_pwent, fullname, PDB_CHANGED);
 	if (homedir)
@@ -384,7 +379,7 @@
 		pdb_set_bad_password_count(sam_pwent, 0, PDB_CHANGED);
 		pdb_set_bad_password_time(sam_pwent, 0, PDB_CHANGED);
 	}
-	
+
 	if (NT_STATUS_IS_OK(in->pdb_update_sam_account (in, sam_pwent)))
 		print_user_info (in, username, True, False);
 	else {


More information about the samba mailing list