[Samba] Samba 3.0.24 + LDAP - User Lockout not working

Christian Rost cr at rocon-it.de
Fri Feb 13 08:50:42 GMT 2009


not all Samba-LDAP attributes that are listed in the Samba3-LDAP-Schema are working yet. IMHO the only source that mentions it clearly is the Samba HOWTO. 

Please refer to "http://de3.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html#id2582136" and search for "LDAP Special Attributes for sambaSamAccounts".



Christian Rost
roCon - Informationstechnologie
Glatzer Weg 4

44534 Lünen

fon: +49 (0) 2306 910 658
fax: +49 (0) 2306 910 664
url: http://www.rocon-it.de

--------Axel Werner <mail at awerner.homeip.net> wrote--------
Subject: [Samba] Samba 3.0.24 + LDAP - User Lockout not working
Date: 12.02.2009 16:30

>im trying to setup a password policy with samba and openldap. while 
>lockout works perfect on openldap it looks like it does not work with my 
>Ive set "sambaLockoutThreshold" to 3  and "sambaLockoutDuration" to -1 
>(lockout forever) within the Domain-Object in LDAP. So i expect whenever 
>a windows user does 3 false logon attemps his samba account will be 
>LOCKED forever, until reseted by an admin.
>If i peek those parameters with "pdbedit -P" it will confirm my 
>konfiguration. so it looks fine.
>I also found the "sambaBadPasswordCount" Attribute in every User-Object 
>in the LDAP tree. Default is 0
>Now i do several false login attempts from my windows xp workstation 
>(usualy 5 attempts) and recheck that "sambaBadPasswordCount" Attribute 
>in that specific userobject. STILL showing 0 !!
>btw: the "admin" object that is configured in smb.conf has all the 
>permissions to access and write ALL attributes of any object in my DIT.
>Does anyone knows this Problem ?!? im lost!
>i use Debian 4.0 with the debian packages for Samba 3.0.24 and openldap.
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list