[Samba] Samba 3.0.28a integration with 2003 AD and password lockout policy?

Guenther Deschner gd at samba.org
Wed Aug 13 16:31:04 GMT 2008

Hash: SHA1

Braebaum, Neil wrote:
| I'm encountering some oddness using Samba 3.0.28a, MIT kerberos (1.6.3)
| for user authentication on Linux, to 2003 Active Directory.
| The password policy dictated by AD should lock accounts after 6
| incorrect login attempts within a 30 minute period. However, it seems to
| halve that when logging in to these Linux boxes via ssh - so after 3
| incorrect login attempts, the AD account gets locked.
| Looking in log.wb-<Domain Name> seems to show double attempts /
| authentication failures when submitting the login with an incorrect
| password (to test this).
| I have noted password level in smb.conf (it's not set in my smb.conf),
| but as I'm using encrypt passwords = yes, I thought it was irrelevant.
| It would appear that two submissions are being made, though, is that a
| Samba version thing, something I may have not got spot on with my pam
| configuration, or an issue with the Samba version?

This area of code hasn't been reworked a lot since then, so, can you
please file a bug and upload your correct log.wb-* files ?



- --
Günther Deschner                    GPG-ID: 8EE11688
Red Hat                         gdeschner at redhat.com
Samba Team                              gd at samba.org
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org


More information about the samba mailing list