[Samba] Samba 3.0.24 + LDAP - User Lockout not working

Axel Werner mail at awerner.homeip.net
Thu Feb 12 15:24:30 GMT 2009


I'm trying to set up a password policy with Samba and OpenLDAP. While 
lockout works perfectly on OpenLDAP, it looks like it does not work with my 

I've set "sambaLockoutThreshold" to 3 and "sambaLockoutDuration" to -1 
(lockout forever) within the Domain-Object in LDAP. So I expect that whenever 
a Windows user makes 3 false logon attempts, his Samba account will be 
LOCKED forever, until reset by an admin.
If I peek at those parameters with "pdbedit -P", it confirms my 
configuration. So it looks fine.
I also found the "sambaBadPasswordCount" attribute in every User-Object 
in the LDAP tree. Default is 0.
Now I do several false login attempts from my Windows XP workstation 
(usually 5 attempts) and recheck that "sambaBadPasswordCount" attribute 
in that specific user object. STILL showing 0 !!
BTW: the "admin" object that is configured in smb.conf has all the 
permissions to access and write ALL attributes of any object in my DIT.

Does anyone know this problem?!? I'm lost!

I use Debian 4.0 with the Debian packages for Samba 3.0.24 and OpenLDAP.
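
The check described in the post, as an added example that is not part of the original message: a shell function that reads account entries as LDIF and compares each `sambaBadPasswordCount` with the lockout threshold. It assumes the `L` flag in `sambaAcctFlags` marks an auto-locked account (an attribute the post does not mention) and that a threshold of 0 means lockout is disabled; the LDIF sample and the `<BASE_DN>` placeholder are constructed.

```shell
#!/bin/sh
# Added example: compare each account's sambaBadPasswordCount with the
# domain's lockout threshold. Input is LDIF on stdin, e.g. from
#   ldapsearch -x -LLL -b "<BASE_DN>" '(objectClass=sambaSamAccount)' \
#       uid sambaAcctFlags sambaBadPasswordCount
# (<BASE_DN> is a placeholder). Output: "<uid> <count> <verdict>".
lockout_report() {
    awk -v thr="$1" '
        function flush() {
            if (uid != "") {
                if (thr <= 0)         v = "policy-disabled"
                else if (cnt < thr)   v = "below-threshold"
                else if (flags ~ /L/) v = "locked"
                else                  v = "threshold-reached-not-locked"
                print uid, cnt, v
            }
            uid = ""; cnt = 0; flags = ""
        }
        BEGIN                      { cnt = 0 }        # absent attribute counts as 0
        /^uid: /                   { uid = $2 }
        /^sambaBadPasswordCount: / { cnt = $2 + 0 }
        /^sambaAcctFlags: /        { flags = substr($0, 17) }
        /^$/                       { flush() }        # blank line ends an LDIF entry
        END                        { flush() }
    '
}

# Constructed sample data, not taken from the post.
sample_ldif() {
    cat <<'EOF'
dn: uid=alice,ou=People,dc=example,dc=org
uid: alice
sambaAcctFlags: [U          ]
sambaBadPasswordCount: 0

dn: uid=bob,ou=People,dc=example,dc=org
uid: bob
sambaAcctFlags: [U          ]
sambaBadPasswordCount: 5

dn: uid=carol,ou=People,dc=example,dc=org
uid: carol
sambaAcctFlags: [UL         ]
sambaBadPasswordCount: 3
EOF
}

sample_ldif | lockout_report 3
```

Run against the directory before and after a series of failed logons, a count that stays at 0 shows as `below-threshold` both times, while `threshold-reached-not-locked` points at a counter that is written but not enforced.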
