[Samba] User Lockout after 3 false login attempts ???

Axel Werner mail at awerner.homeip.net
Fri Feb 13 08:33:19 GMT 2009

NOBODY ?? Noone here with successfull experience on User Lockout using 
Samba+LDAP ??

i cant believe this.

Am 12.02.2009 16:24, Axel Werner schrieb:
> Hi,
> im trying to setup a password policy with samba and openldap. while 
> lockout works perfect on openldap it looks like it does not work with 
> my samba.
> Ive set "sambaLockoutThreshold" to 3  and "sambaLockoutDuration" to -1 
> (lockout forever) within the Domain-Object in LDAP. So i expect 
> whenever a windows user does 3 false logon attemps his samba account 
> will be LOCKED forever, until reseted by an admin.
> If i peek those parameters with "pdbedit -P" it will confirm my 
> konfiguration. so it looks fine.
> I also found the "sambaBadPasswordCount" Attribute in every 
> User-Object in the LDAP tree. Default is 0
> Now i do several false login attempts from my windows xp workstation 
> (usualy 5 attempts) and recheck that "sambaBadPasswordCount" Attribute 
> in that specific userobject. STILL showing 0 !!
> btw: the "admin" object that is configured in smb.conf has all the 
> permissions to access and write ALL attributes of any object in my DIT.
> Does anyone knows this Problem ?!? im lost!
> i use Debian 4.0 with the debian packages for Samba 3.0.24 and openldap.

More information about the samba mailing list