[Samba] Account lockouts

Douglas Sterner douglas_sterner at hotmail.com
Mon Jun 27 02:19:08 GMT 2005

Using Samba 3.0.14a with multiple domain controllers across WAN links I 
discovered that account lockout policies are broke. My testing show's that 
account lockout policies are not stored in LDAP as one would think but in a 
local TDB file on that particular BDC or PDC. The result is I'm seeing 
errors in my logs and users are getting locked out. There appears to be no 
replication setup or no way to replicate this policy information in a 
multiple DC environment. Depending on which DC handles the auth request is 
what policy is in effect. User Manager does not have any  provisions to 
select the BDC's to apply a consistent lockout policy. I've had to disable 
account lockouts just to let the users keep working and we have the nerve to 
complain abount MS security. Are there any plans to fix this. After 
reviewing the source code the problem seems to be the account lockout code 


On the road to retirement? Check out MSN Life Events for advice on how to 
get there! http://lifeevents.msn.com/category.aspx?cid=Retirement

More information about the samba mailing list