[Samba] Samba PDC autolocking domain administrator account
Stefan Oberwahrenbrock
oberwahrenbrock at transdata.net
Wed Jun 10 10:38:18 GMT 2009
Hello!
Some days ago we migrated our production domain from Windows NT 4.0 to
Samba 3.3.4 (Yes - such migrations still happen these days :-)). After
migration we noticed that from time to time the domain administrator
account gets locked - pdbedit shows the flags [UXL]. It is easy to
activate the account again, but nevertheless it is unexpected and unwanted.
To my knowledge, the domain administrator is not affected by the automatic
locking mechanism which comes into effect following repeated login attempts
using an incorrect password. In addition, the behaviour is not
reproducible in a separated test-network that was cleanly built up from
scratch and uses the same software versions (Operating system,
smbldap-tools, slapd from Debian 5.0.1, Sernet-Samba-3.3.4).
Since production and test network are both LDAP-based I compared the ldifs
of both accounts. Differences found so far: The account in the test system
has the attributes sambaBadPasswordCount and sambaBadPasswordTime unset
while in the production system they have a value of 0. Adopting the values does
not change the behaviour.
Does anyone know what other criteria/attributes/circumstances might
dispose Samba to autolock the account?
Thanks and greetings from Biefeld,
Stefan Oberwahrenbrock