[Samba] Samba 3.0.24 + LDAP - User Lockout not working
Axel Werner
mail at awerner.homeip.net
Thu Feb 12 15:24:30 GMT 2009
Hi,
im trying to setup a password policy with samba and openldap. while
lockout works perfect on openldap it looks like it does not work with my
samba.
Ive set "sambaLockoutThreshold" to 3 and "sambaLockoutDuration" to -1
(lockout forever) within the Domain-Object in LDAP. So i expect whenever
a windows user does 3 false logon attemps his samba account will be
LOCKED forever, until reseted by an admin.
If i peek those parameters with "pdbedit -P" it will confirm my
konfiguration. so it looks fine.
I also found the "sambaBadPasswordCount" Attribute in every User-Object
in the LDAP tree. Default is 0
Now i do several false login attempts from my windows xp workstation
(usualy 5 attempts) and recheck that "sambaBadPasswordCount" Attribute
in that specific userobject. STILL showing 0 !!
btw: the "admin" object that is configured in smb.conf has all the
permissions to access and write ALL attributes of any object in my DIT.
Does anyone knows this Problem ?!? im lost!
i use Debian 4.0 with the debian packages for Samba 3.0.24 and openldap.
More information about the samba
mailing list