[Samba] DO script IF User-Account got locked
mail at awerner.homeip.net
Fri Feb 20 09:58:57 GMT 2009
Hi and thanks fer reply.
Are u talking about completly droping LDAP Authentication and only
rely/authenticate against samba ??
whats pam_winbindd all about ? i read its required if my samba is member
or some native NT or ADS domain for "somehow" mapping foreign NT Users
to some Unix users. Is it more than that ? Are there some good
Docs/Manuals about that a normal Human (Not a C Coder) can understand ?
Am 19.02.2009 16:42, François Legal schrieb:
> If you want to prevent the user from unlocking its samba account, you can
> probably do it with ACL on your directory (only allow modification to samba
> attributes by the bind user used by samba).
> If you want to prevent the user from logging in Linux when his account is
> locked, then you could consider using pam_winbindd instead of pam_ldap
> On Thu, 19 Feb 2009 13:14:48 +0100, Axel Werner <mail at awerner.homeip.net>
>> Hi Gurus out there!
>> Is there a Way to have Samba start a script in some way like those
>> addnewmachine or addnewuser scripts, that kicks in whenever a samba
>> user-account got locked down ?? (through manual lock OR more important,
>> through a intruder detection / x failed logon attempts )
>> My Problem is that whenever a Samba Account got locked because of
>> exceeding max. failed logon attempts the corresponding LDAP User Object
>> is still "unlocked". So when however the user cannot log back in to
>> samba, he is still able to log in on linux console (through pam_ldap)
>> and reset his password or so more nasty things. So i want to make sure
>> that if he fucks up his samba account , his LDAP account will also be
>> Some Hook for a custom script would be fine. But is there something like
>> that ?
>> Any other Ideas how to manage that ?
More information about the samba