[Samba] BadPwdCount Attribute. Why no replication?

Rowland Penny rowlandpenny at googlemail.com
Tue Mar 24 10:16:26 MDT 2015

On 24/03/15 16:10, James wrote:
> Hello,
>      With the upgrade to 4.2 I now have access the the lockout feature.
> I've learned the BadPwdCount attribute does not get replicated. Why is
> this? My understanding is one DC could have a value of '2' while another
> has '1'. Depending on what DC the user attempts to authenticate against.
> This user may be locked out after one invalid attempt if the threshold is 3.

Because it shouldn't be, that's why.

See: https://msdn.microsoft.com/en-us/library/ms675244%28v=vs.85%29.aspx

At the bottom, under 'Remarks'


More information about the samba mailing list