[Samba] Samba 3.0.24 + LDAP - User Lockout not working
cr at rocon-it.de
Fri Feb 13 08:50:42 GMT 2009
not all Samba-LDAP attributes that are listed in the Samba3-LDAP-Schema are working yet. IMHO the only source that mentions it clearly is the Samba HOWTO.
Please refer to "http://de3.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html#id2582136" and search for "LDAP Special Attributes for sambaSamAccounts".
roCon - Informationstechnologie
Glatzer Weg 4
fon: +49 (0) 2306 910 658
fax: +49 (0) 2306 910 664
--------Axel Werner <mail at awerner.homeip.net> wrote--------
Subject: [Samba] Samba 3.0.24 + LDAP - User Lockout not working
Date: 12.02.2009 16:30
>im trying to setup a password policy with samba and openldap. while
>lockout works perfect on openldap it looks like it does not work with my
>Ive set "sambaLockoutThreshold" to 3 and "sambaLockoutDuration" to -1
>(lockout forever) within the Domain-Object in LDAP. So i expect whenever
>a windows user does 3 false logon attemps his samba account will be
>LOCKED forever, until reseted by an admin.
>If i peek those parameters with "pdbedit -P" it will confirm my
>konfiguration. so it looks fine.
>I also found the "sambaBadPasswordCount" Attribute in every User-Object
>in the LDAP tree. Default is 0
>Now i do several false login attempts from my windows xp workstation
>(usualy 5 attempts) and recheck that "sambaBadPasswordCount" Attribute
>in that specific userobject. STILL showing 0 !!
>btw: the "admin" object that is configured in smb.conf has all the
>permissions to access and write ALL attributes of any object in my DIT.
>Does anyone knows this Problem ?!? im lost!
>i use Debian 4.0 with the debian packages for Samba 3.0.24 and openldap.
>To unsubscribe from this list go to the following URL and read the
More information about the samba