[Samba] another question about account locking
TAKAHASHI Motonobu
monyo at monyo.com
Thu Jan 13 11:38:05 MST 2011
2011/1/14 Kevin Taylor <groucho.64738 at hotmail.com>:
> Unfortunately, that doesn't work. Since we're using an LDAP backend, we had to turn on 'encrypt
> passwords=yes' which bypasses the pam checking.
Have you actually tried it?
If you set "obey pam restrictions = yes", Samba obeys PAM's restrictions.
For example, try:
-----
[global]
; encrypt passwords = yes  -- default value, so no need to set it explicitly
obey pam restrictions = yes
[homes]
writeable = yes
browseable = no
-----
Usually, a user can access the homes share with a valid password, but if you
set pam_deny.so correctly in system-auth, common-account or a similar file, then
anyone can log on and you can see the error messages:
-----
[2011/01/14 03:24:00, 0] auth/pampass.c:smb_pam_accountcheck(792)
smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User monyo!
-----
---
TAKAHASHI Motonobu <monyo at samba.gr.jp>
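
The rejection record quoted in the message above can be picked out of an smbd log for monitoring. The following is an added example, not part of the original post or of Samba itself: it parses the two-line record format shown in the message and counts PAM account-check rejections per user. The sample log is constructed, and the user "alice" and the non-PAM record are assumptions for illustration.

```python
import re
from collections import Counter

# Constructed sample log. The record layout (header line, then message line)
# follows the excerpt quoted in the message; "alice" and the service.c record
# are made up for illustration.
SAMPLE_LOG = """\
[2011/01/14 03:24:00, 0] auth/pampass.c:smb_pam_accountcheck(792)
  smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User monyo!
[2011/01/14 03:24:05, 1] smbd/service.c:make_connection_snum(1070)
  client1 (192.0.2.10) connect to service alice initially as user alice
[2011/01/14 03:25:10, 0] auth/pampass.c:smb_pam_accountcheck(792)
  smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User monyo!
[2011/01/14 03:26:42, 0] auth/pampass.c:smb_pam_accountcheck(792)
  smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User alice!
"""

# Header line of a record: "[timestamp, debuglevel] source_file:function(line)"
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})(?:\.\d+)?,\s*\d+\]\s+\S+"
)
# Message line written when the PAM account check rejects a user.
REJECT = re.compile(
    r"smb_pam_accountcheck: PAM: Account Validation Failed - "
    r"Rejecting User (?P<user>.+)!\s*$"
)

def pam_rejections(log_text):
    """Return a list of (timestamp, user) for each PAM account-check rejection."""
    events, ts = [], None
    for line in log_text.splitlines():
        header = HEADER.match(line)
        if header:
            ts = header.group("ts")  # remember the timestamp of the current record
            continue
        hit = REJECT.search(line)
        if hit and ts is not None:
            events.append((ts, hit.group("user")))
    return events

def rejections_per_user(log_text):
    """Count rejections per user, e.g. to alert on repeated hits on one account."""
    return Counter(user for _, user in pam_rejections(log_text))

if __name__ == "__main__":
    for ts, user in pam_rejections(SAMPLE_LOG):
        print(ts, user)
    print(dict(rejections_per_user(SAMPLE_LOG)))
```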