[Samba] pdb_increment_bad_password_count
TAKAHASHI Motonobu
monyo at monyo.com
Thu Sep 15 08:41:27 MDT 2011
From: David Hoskinson <david.hoskinson at datatrak.net>
Date: Thu, 15 Sep 2011 08:18:22 -0500
> After moving from Redhat AS4 to RHEL 5.5 we started noticing these
> error messages in the messages log.
(snip)
> LDAP server has had no changes to it, or its schema.
> /var/log/messages:
> Sep 15 12:51:39 xxx301 smbd[22218]: [2011/09/15 12:51:39, 0] passdb/passdb.c:pdb_increment_bad_password_count(1477)
> Sep 15 12:51:39 xxx301 smbd[22218]: pdb_increment_bad_password_count: pdb_get_account_policy failed.
> Sep 15 12:51:53 xxx301 smbd[22218]: [2011/09/15 12:51:53, 0] lib/util_sock.c:read_data(540)
> Sep 15 12:51:53 xxx301 smbd[22218]: read_data: read failure for 4 bytes to client 192.168.x.x. Error = Connection
> Old system:
> samba-common-3.0.10-1.4E.6
> samba-client-3.0.10-1.4E.6
> samba-3.0.10-1.4E.6
> New system
> samba-common-3.0.33-3.29.el5_6.2
> samba-3.0.33-3.29.el5_6.2
After Samba 3.0.21, the information for account policy became stored
in LDAP, instead of local tdb file if using LDAP as passdb backend.
So you have to set LDAP attributes about account policy in your LDAP
directory correctly.
In my env, here is settings about accont policy and other domain
specific attributes:
# ldapsearch -Y EXTERNAL -H ldapi:/// -b dc=sambadom,dc=local '(sambaDomainName=SAMBADOM)'
(snip)
# SAMBADOM, sambadom.local
dn: sambaDomainName=SAMBADOM,dc=sambadom,dc=local
sambaDomainName: SAMBADOM
sambaSID: S-1-5-21-1179644376-2526199691-xxxxxxxxxx
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain
sambaNextUserRid: 1000
sambaRefuseMachinePwdChange: 0
sambaLockoutDuration: 30
sambaLockoutObservationWindow: 30
sambaLockoutThreshold: 0
sambaMinPwdLength: 7
sambaPwdHistoryLength: 0
sambaLogonToChgPwd: 1
sambaMaxPwdAge: -1
sambaMinPwdAge: 0
sambaForceLogoff: -1
sambaNextRid: 1021
---
TAKAHASHI Motonobu <monyo at samba.gr.jp>
More information about the samba
mailing list