[Samba] Account locking synchronization between Linux and Windows (my solution)

Kevin Taylor groucho.64738 at hotmail.com
Wed Aug 31 10:47:07 MDT 2011

We are using a Samba domain controller with a Sun Directory Server 7 LDAP backend and we observed that when an account was locked out on Windows, it would not lock the account on Linux as well. 

We are using Samba 3.0.33 on CentOS 5.3 and this is the change I made:

	To configure samba to perform proper windows lockout in conjunction 
with a linux lockout, we need to modify the samba source code to look 
for the pwdaccountlockedtime rather than sambaKickoffTime

	Download the source RPM for samba for the OS you're using. This example uses samba-3.0.33-3.7.el5.src.rpm from CentOS 5.3

		rpm -ivh samba-3.0.33-3.7.el5.src.rpm
		cd /usr/src/redhat/SOURCES
		tar -xzf samba-3.0.33.tar.gz
		cd samba-3.0.33/source/lib
		edit smbldap.c:    look for sambaKickoffTime and change to pwdaccountlockedtime (2 places)
		cd /usr/src/redhat/SOURCES
		rm samba-3.0.33.tar.gz
		tar -czf samba-3.0.33.tar.gz samba-3.0.33
		rm -rf samba-3.0.33
		rpmbuild -bb /usr/src/redhat/SPECS/samba.spec    (install any dependencies  i.e.  cups-devel or do a --nodeps to ignore)
		cd /usr/src/redhat/RPMS/x86_64
		rpm -Uvh --replacepkgs --force samba*.rpm
I'm not sure if this issue was addressed in later versions of Samba. I'm just posting this in case someone finds it helpful, or knows of a better/safer way to accomplish the same thing.


Kevin Taylor

More information about the samba mailing list