[Samba] samba bad password count reset between logins (not loaded from login_cache.tdb)

Andrew Bartlett abartlet at samba.org
Sat Oct 14 06:15:04 UTC 2017

On Fri, 2017-10-06 at 11:54 -0400, Daryl Anthony Chouinard via samba
> I found out the answer to why the bad password count was failing by
> following the stack trace
> If anyone has the same problem, this was caused by my access rights being
> too restrictive.
> source/passdb/Init_sam_from_ldap.c:1064 => There is a "goto fn_exit;" in
> case ldapsam_get_entry_timestamp() fails before the cache is read via
> login_cache_read. This function will fail if it cannot retrieve the
> modifyTimestamp attribute of the user entry
> At log level 10, the relevant log line appears:
> [...] ../source3/lib/smbldap.c:90(smbldap_talloc_single_attribute)
>   Attribute modifyTimestamp does not exist
> The samba user needs read access to the modifyTimestamp attributes of all
> the users
> In the hopes this will be useful to someone,
> Daryl Anthony Chouinard

Thanks for getting back to us.  I'm very glad to hear this isn't an
issue for most users, as sadly we don't have an automated testsuite for
the NT4/classic LDAP backend. 


Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list