[Samba] SERIOUS PROBLEM - Root Account Locked
Jason Baker
jbaker at glastender.com
Wed Aug 8 18:51:31 GMT 2007
My root account keeps getting locked out automatically. I am running
Samba 3.0.25b on a CentOS server, as PDC with LDAP backend. I have
accounts set to lock after 8 un-successful login attempts. I zeroed out
the bad password count, and then in less than a few seconds the account
gets locked again and a /pdbedit -Lv -u root /yields the following:
Unix username: root
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: Wed, 01 Jan 1969 03:00:00 EST
Password can change: Wed, 08 Jan 1969 03:00:00 EST
Password must change: never
Last bad password : Wed, 08 Aug 2007 13:51:14 EDT
Bad password count : 8
If I enter w on the command line, it only shows that two (authorized)
users are logged into the server. So I'm confident that no one from the
outside is attempting to log in as root. Below is my conf file. If I go
into LDAP Account Manager and unlock the account, it will stay unlocked
for a few minutes (or seconds), then it is locked out again. With the
account lock I cannot join machines to the domain, nor change domain
permissions for users and groups. Any suggestions would be helpful.
[global]
unix charset = LOCALE
workgroup = glastendernet
netbios name = aster
server string = Glastender Domain Controller running %v
interfaces = eth1, lo, tun+
bind interfaces only = yes
os level = 255
preferred master = yes
local master = yes
domain master = yes
security = user
time server = yes
username map = /etc/samba/smbusers
wins support = yes
encrypt passwords = yes
pam password change = yes
name resolve order = wins bcast hosts
winbind nested groups = no
passdb backend = ldapsam:ldap://aster.glastender.com
ldap passwd sync = Yes
ldap suffix = dc=glastender,dc=com
ldap admin dn = cn=Manager,dc=glastender,dc=com
ldap ssl = no
ldap group suffix = ou=Groups
ldap user suffix = ou=People
ldap machine suffix = ou=People
ldap idmap suffix = ou=Idmap
idmap backend = ldap:ldap://aster.glastender.com
idmap uid = 10000-20000
idmap gid = 10000-20000
map acl inherit = yes
add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"
#delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u"
add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u"
add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"
#delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g"
add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m
"%u" "%g"
delete user from group script =
/opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g
"%g" "%u"
domain logons = yes
log file = /var/log/samba/log.%m
log level = 0
syslog = 0
max log size = 50
#smb ports = 139 445
smb ports = 139
hosts allow = 127.0.0.1 172.16.0.0/255.255.0.0
192.168.100.0/255.255.255.0
# User profiles and home directories
logon drive = U:
logon path = \\%L\profiles\%U
logon script = %U.bat
large readwrite = no
read raw = no
write raw = no
printcap name = /etc/printcap
load printers = no
printing =
template shell = /bin/false
winbind use default domain = yes
--
*Jason Baker
*/IT Coordinator/
*Glastender Inc.*
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.4444
www.glastender.com <http://www.glastender.com>
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GIT$ d- s: a C++$ LU+++$ P+ L++>L++++ !E--- W+++ N o? K?
w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h---
r+++ y+++
------END GEEK CODE BLOCK------
More information about the samba
mailing list