[Samba] Samba 3.0.28a integration with 2003 AD and password lockout policy?

Guenther Deschner gd at samba.org
Wed Aug 13 16:31:04 GMT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Braebaum, Neil wrote:
| I'm encountering some oddness using Samba 3.0.28a, MIT kerberos (1.6.3)
| for user authentication on Linux, to 2003 Active Directory.
|
| The password policy dictated by AD should lock accounts after 6
| incorrect login attempts within a 30 minute period. However, it seems to
| halve that when logging in to these Linux boxes via ssh - so after 3
| incorrect login attempts, the AD account gets locked.
|
| Looking in log.wb-<Domain Name> seems to show double attempts /
| authentication failures when submitting the login with an incorrect
| password (to test this).
|
| I have noted password level in smb.conf (it's not set in my smb.conf),
| but as I'm using encrypt passwords = yes, I thought it was irrelevant.
|
| It would appear that two submissions are being made, though, is that a
| Samba version thing, something I may have not got spot on with my pam
| configuration, or an issue with the Samba version?

This area of code hasn't been reworked a lot since then, so, can you
please file a bug and upload your correct log.wb-* files ?

Thanks,

Guenther

- --
Günther Deschner                    GPG-ID: 8EE11688
Red Hat                         gdeschner at redhat.com
Samba Team                              gd at samba.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkijDEgACgkQSOk3aI7hFoi4CwCfd73W9y0elpD0+R96n/b9HbTH
lt8AnRtwoFSES/m7uvIrZfgywlCWwg8e
=oGtJ
-----END PGP SIGNATURE-----


More information about the samba mailing list