[Samba] Enabling account lockouts
Jeremy Allison
jra at samba.org
Sat Jul 17 01:04:16 GMT 2004
On Wed, Jul 14, 2004 at 08:41:19AM -0400, Dunn, Drew A. wrote:
> I'm running Samba 3.0.4 (using a tdb backend) as the PDC for several windows
> 2000 clients. I would like to enable an account lockout policy. I set the
> number of bad password attempts using pdbedit by issuing,
>
> # pdbedit -P "bad lockout attempt" -C 3
>
> and recieved confirmation that this was correct. I then tried to enable
> locking by issuing
>
> # pdbedit -u username -c "[L]"
>
> However pdbedit -Lv does not show any change to the account flags. I have
> been able to set other flags like "Password does not expire", "account
> disabled", etc. When setting these I receive confirmation that the flag has
> been set but go not receive any confirmation when trying to set the lockout.
>
> Any suggestions? Is there something else I need to turn on for this to
> work?
Ok, try this patch - should fix the problem (it does here).
Jeremy.
-------------- next part --------------
Index: utils/pdbedit.c
===================================================================
--- utils/pdbedit.c (revision 1535)
+++ utils/pdbedit.c (working copy)
@@ -202,7 +202,6 @@
{
SAM_ACCOUNT *sam_pwent=NULL;
BOOL ret;
- BOOL updated_autolock = False, updated_badpw = False;
if (!NT_STATUS_IS_OK(pdb_init_sam (&sam_pwent))) {
return -1;
@@ -216,19 +215,6 @@
return -1;
}
- if (!pdb_update_autolock_flag(sam_pwent, &updated_autolock))
- DEBUG(2,("pdb_update_autolock_flag failed.\n"));
-
- if (!pdb_update_bad_password_count(sam_pwent, &updated_badpw))
- DEBUG(2,("pdb_update_bad_password_count failed.\n"));
-
- if (updated_autolock || updated_badpw) {
- become_root();
- if(!pdb_update_sam_account(sam_pwent))
- DEBUG(1, ("Failed to modify entry.\n"));
- unbecome_root();
- }
-
ret=print_sam_info (sam_pwent, verbosity, smbpwdstyle);
pdb_free_sam(&sam_pwent);
@@ -310,6 +296,7 @@
const char *user_sid, const char *group_sid,
const BOOL badpw)
{
+ BOOL updated_autolock = False, updated_badpw = False;
SAM_ACCOUNT *sam_pwent=NULL;
BOOL ret;
@@ -322,6 +309,14 @@
return -1;
}
+ if (!pdb_update_autolock_flag(sam_pwent, &updated_autolock)) {
+ DEBUG(2,("pdb_update_autolock_flag failed.\n"));
+ }
+
+ if (!pdb_update_bad_password_count(sam_pwent, &updated_badpw)) {
+ DEBUG(2,("pdb_update_bad_password_count failed.\n"));
+ }
+
if (fullname)
pdb_set_fullname(sam_pwent, fullname, PDB_CHANGED);
if (homedir)
@@ -384,7 +379,7 @@
pdb_set_bad_password_count(sam_pwent, 0, PDB_CHANGED);
pdb_set_bad_password_time(sam_pwent, 0, PDB_CHANGED);
}
-
+
if (NT_STATUS_IS_OK(in->pdb_update_sam_account (in, sam_pwent)))
print_user_info (in, username, True, False);
else {
More information about the samba
mailing list