[Samba] DO script IF User-Account got locked

Axel Werner mail at awerner.homeip.net
Thu Feb 19 12:14:48 GMT 2009

Hi Gurus out there!

Is there a Way to have Samba start a script in some way like those 
addnewmachine or addnewuser scripts, that kicks in whenever a samba 
user-account got locked down ?? (through manual lock OR more important, 
through a intruder detection / x failed logon attempts )

My Problem is that whenever a Samba Account got locked because of 
exceeding max. failed logon attempts the corresponding LDAP User Object 
is still "unlocked". So when however the user cannot log back in to 
samba, he is still able to log in on linux console (through pam_ldap) 
and reset his password or so more nasty things. So i want to make sure 
that if he fucks up his samba account , his LDAP account will also be 

Some Hook for a custom script would be fine. But is there something like 
that ?
Any other Ideas how to manage that ?


More information about the samba mailing list