[Samba] Clearing account lockout
Gaiseric Vandal
gaiseric.vandal at gmail.com
Wed Sep 12 02:39:27 GMT 2007
I recently am migrating my PDC from NT4 to Samba 3.025. Apparently due to a
mismatch between the capitalization of the Windows account and the Unix
account (Administrator vs administrator) I managed to lock the account
before catching the discrepenacy.
# pdbedit -v administrator
Unix username: Administrator
NT username: Administrator
Account Flags: [ULX
Bad password count : 5
I reset the bad password count" field with the following command
pdbedit -z -u administrator
However, the account is still locked and I can not clear the lock (X) flag.
# pdbedit -v administrator
Unix username: Administrator
NT username: Administrator
Account Flags: [ULX
Bad password count : 5
# pdbedit -z -u administrator
pdb_update_autolock_flag: Account Administrator administratively locked out
with
no bad password time. Leaving locked out.
# pdbedit -c [UX administrator
pdb_update_autolock_flag: Account Administrator administratively locked out
with
no bad password time. Leaving locked out.
Can only set [NDHLX] flags
Resetting the lockout duration doesn't help either
# pdbedit -P "lockout duration" -C 5
account policy "lockout duration" description: Lockout duration in minutes
(defa
ult: 30, -1 => forever)
account policy "lockout duration" value was: 30
account policy "lockout duration" value is now: 5
Any ideas?
I added a 2nd account to the unix "DomainAdmins" group (which is mapped to
the windows group) but that doesn't seem to give automatically add it to the
NT "Domain Admins" group . This group had been in the Domain Admins group
on the NT4 machine.
Thanks
More information about the samba
mailing list