[Samba] SERIOUS PROBLEM - Root Account Locked

Jason Baker jbaker at glastender.com
Wed Aug 8 18:51:31 GMT 2007


My root account keeps getting locked out automatically. I am running 
Samba 3.0.25b on a CentOS server, as PDC with LDAP backend. I have 
accounts set to lock after 8 unsuccessful login attempts. I zeroed out 
the bad password count, and then in less than a few seconds the account 
gets locked again and a pdbedit -Lv -u root yields the following:
Unix username:        root
Logon time:           0
Logoff time:          never
Kickoff time:         never
Password last set:    Wed, 01 Jan 1969 03:00:00 EST
Password can change:  Wed, 08 Jan 1969 03:00:00 EST
Password must change: never
Last bad password   : Wed, 08 Aug 2007 13:51:14 EDT
Bad password count  : 8

If I enter w on the command line, it only shows that two (authorized) 
users are logged into the server. So I'm confident that no one from the 
outside is attempting to log in as root. Below is my conf file. If I go 
into LDAP Account Manager and unlock the account, it will stay unlocked 
for a few minutes (or seconds), then it is locked out again. With the 
account lock I cannot join machines to the domain, nor change domain 
permissions for users and groups. Any suggestions would be helpful.

[global]
        unix charset = LOCALE
        workgroup = glastendernet
        netbios name = aster
        server string = Glastender Domain Controller running %v
        interfaces = eth1, lo, tun+
        bind interfaces only = yes
        os level = 255
        preferred master = yes
        local master = yes
        domain master = yes
        security = user
        time server = yes
        username map = /etc/samba/smbusers
        wins support = yes
        encrypt passwords = yes
        pam password change = yes
        name resolve order = wins bcast hosts
        winbind nested groups = no
        passdb backend = ldapsam:ldap://aster.glastender.com
        ldap passwd sync = Yes
        ldap suffix = dc=glastender,dc=com
        ldap admin dn = cn=Manager,dc=glastender,dc=com
        ldap ssl = no
        ldap group suffix = ou=Groups
        ldap user suffix = ou=People
        ldap machine suffix = ou=People
        ldap idmap suffix = ou=Idmap
        idmap backend = ldap:ldap://aster.glastender.com
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        map acl inherit = yes
        add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"
        #delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u"
        add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u"
        add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"
        #delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g"
        add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"
        set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"
        domain logons = yes
        log file = /var/log/samba/log.%m
        log level = 0
        syslog = 0
        max log size = 50
        #smb ports = 139 445
        smb ports = 139
        hosts allow = 127.0.0.1 172.16.0.0/255.255.0.0 192.168.100.0/255.255.255.0
        # User profiles and home directories
        logon drive = U:
        logon path = \\%L\profiles\%U
        logon script = %U.bat
        large readwrite = no
        read raw = no
        write raw = no
        printcap name = /etc/printcap
        load printers = no
        printing =
        template shell = /bin/false
        winbind use default domain = yes


-- 

Jason Baker
IT Coordinator

Glastender Inc.
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.4444
www.glastender.com <http://www.glastender.com>

-----BEGIN GEEK CODE BLOCK----- 
Version: 3.1
GIT$ d- s: a C++$ LU+++$ P+ L++>L++++ !E--- W+++ N o? K?
w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- 
r+++ y+++
------END GEEK CODE BLOCK------
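
An added example, not part of the original message: a small shell function that reduces `pdbedit -Lv` output to one line per account with its bad password count, last bad password time and lock state, so the counter can be sampled repeatedly after a reset. The threshold of 8 comes from the post; the second account, the separator line and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): summarise lockout state
# from `pdbedit -Lv` output read on stdin.
# lockout_report THRESHOLD   (THRESHOLD defaults to 8, the value in the post)
lockout_report() {
    awk -v limit="${1:-8}" '
        function emit() {
            if (user != "")
                printf "%s count=%d last_bad=\"%s\" %s\n", user, count, last,
                       (count >= limit ? "LOCKED" : "ok")
        }
        # Split at the first colon only, because timestamps contain colons.
        {
            sep = index($0, ":")
            if (sep == 0) next
            key = substr($0, 1, sep - 1)
            val = substr($0, sep + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        key == "Unix username"      { emit(); user = val; count = 0; last = "never" }
        key == "Bad password count" { count = val + 0 }
        key == "Last bad password"  { last = val }
        END { emit() }
    '
}

# Constructed sample: root fields as quoted in the post, plus a made-up account.
sample_listing() {
    cat <<'EOF'
Unix username:        root
Logon time:           0
Last bad password   : Wed, 08 Aug 2007 13:51:14 EDT
Bad password count  : 8
---------------
Unix username:        alice
Last bad password   : 0
Bad password count  : 0
EOF
}

sample_listing | lockout_report 8
```

On the server, piping `pdbedit -Lv -u root` into `lockout_report 8` every few seconds after zeroing the count shows how fast the failures arrive and the exact time of each one, which can then be matched against client activity.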


