[Samba] Clearing account lockout
Gaiseric Vandal
gaiseric.vandal at gmail.com
Thu Sep 13 12:14:29 GMT 2007
Thanks
That fixed it.
-----Original Message-----
From: samba-bounces+damian.lock=ssci.com at lists.samba.org
[mailto:samba-bounces+damian.lock=ssci.com at lists.samba.org] On Behalf Of
Gareth Cummings
Sent: Wednesday, September 12, 2007 4:38 AM
To: Gaiseric Vandal
Cc: samba at lists.samba.org
Subject: Re: [Samba] Clearing account lockout
The following will reset the flags to the default setting clearing the lock:
pdbedit -r -c "[]" administrator
Gaiseric Vandal wrote:
> I recently am migrating my PDC from NT4 to Samba 3.025. Apparently
> due to a mismatch between the capitalization of the Windows account
> and the Unix account (Administrator vs administrator) I managed to
> lock the account before catching the discrepenacy.
>
> # pdbedit -v administrator
> Unix username: Administrator
> NT username: Administrator
> Account Flags: [ULX
> Bad password count : 5
>
>
> I reset the bad password count" field with the following command
> pdbedit -z -u administrator
>
> However, the account is still locked and I can not clear the lock (X)
> flag.
>
> # pdbedit -v administrator
> Unix username: Administrator
> NT username: Administrator
> Account Flags: [ULX
> Bad password count : 5
>
> # pdbedit -z -u administrator
> pdb_update_autolock_flag: Account Administrator administratively
> locked out with no bad password time. Leaving locked out.
>
> # pdbedit -c [UX administrator
> pdb_update_autolock_flag: Account Administrator administratively
> locked out with no bad password time. Leaving locked out.
> Can only set [NDHLX] flags
>
>
> Resetting the lockout duration doesn't help either
>
> # pdbedit -P "lockout duration" -C 5
> account policy "lockout duration" description: Lockout duration in
> minutes (defa
> ult: 30, -1 => forever)
> account policy "lockout duration" value was: 30
> account policy "lockout duration" value is now: 5
>
>
> Any ideas?
>
> I added a 2nd account to the unix "DomainAdmins" group (which is
> mapped to the windows group) but that doesn't seem to give
> automatically add it to the NT "Domain Admins" group . This group had
> been in the Domain Admins group on the NT4 machine.
>
> Thanks
>
>
>
>
>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list