[Samba] Clearing account lockout

Gaiseric Vandal gaiseric.vandal at gmail.com
Thu Sep 13 12:14:29 GMT 2007 

Thanks

That fixed it.

-----Original Message-----
From: samba-bounces+damian.lock=ssci.com at lists.samba.org
[mailto:samba-bounces+damian.lock=ssci.com at lists.samba.org] On Behalf Of
Gareth Cummings
Sent: Wednesday, September 12, 2007 4:38 AM
To: Gaiseric Vandal
Cc: samba at lists.samba.org
Subject: Re: [Samba] Clearing account lockout


The following will reset the flags to the default setting clearing the lock:

pdbedit -r -c "[]" administrator

Gaiseric Vandal wrote:
> I recently am migrating my PDC from NT4 to Samba 3.025.  Apparently 
> due to a mismatch between the capitalization of the Windows account 
> and the Unix account (Administrator vs administrator) I managed to 
> lock the account before catching the discrepenacy.
>
> # pdbedit -v administrator
> Unix username:        Administrator
> NT username:          Administrator
> Account Flags:        [ULX 
> Bad password count  : 5     
>
>
> I reset the bad password count"  field with the following command 
> 	pdbedit -z -u administrator
>
> However, the account is still locked and I can not clear the lock (X) 
> flag.
>
> # pdbedit -v administrator
> Unix username:        Administrator
> NT username:          Administrator
> Account Flags:        [ULX 
> Bad password count  : 5
>
> # pdbedit -z -u administrator
> pdb_update_autolock_flag: Account Administrator administratively 
> locked out with  no bad password time. Leaving locked out.
>
> # pdbedit -c [UX administrator
> pdb_update_autolock_flag: Account Administrator administratively 
> locked out with  no bad password time. Leaving locked out.
> Can only set [NDHLX] flags
>
>
> Resetting the lockout duration doesn't help either
>
> # pdbedit -P "lockout duration" -C 5
> account policy "lockout duration" description: Lockout duration in 
> minutes (defa
> ult: 30, -1 => forever)
> account policy "lockout duration" value was: 30
> account policy "lockout duration" value is now: 5
>
>
> Any ideas?
>
> I added a 2nd account to the unix "DomainAdmins" group (which is 
> mapped to the windows group) but that doesn't seem to give 
> automatically add it to the NT "Domain Admins" group .  This group had 
> been in the Domain Admins group on the NT4 machine.
>
> Thanks
>
>
>
>
>   
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list