[Samba] Samba4 Domain Account Lockout

Andrew Bartlett abartlet at samba.org
Wed Jan 16 04:02:31 MST 2013

On Fri, 2013-01-11 at 22:54 -0500, Chris Stoneburner wrote:
> First off, I apologize if this is a duplicate - I had some issues with
> the first email I tried to join this list with!
> I'm currently using samba4 as an AD DC (domain and forest are both
> configured with the samba-tool command to be at the 2008_R2 functional
> level) for both Windows and Linux systems.  I've got the default
> password settings set using the "samba-tool domain passwordsettings"
> command and I have all the GPOs configured as I need them for clients.
> However, I would like to configure how the account lockout functions
> for the domain accounts.  I read in the archive for this list that
> there isn't currently support for server side GPOs, so I'm not certain
> how to configure this, or if its even possible.

> My question with respect to samba is two fold: is it even POSSIBLE to
> have samba detect multiple failed login attempts to a domain account
> (e.g., the default domain administrator) and "lock" the account once a
> certain threshold has been reached and if so how is that configured?

No, this is not yet implemented in the AD DC.


Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba mailing list