[Samba] samba bad password count reset between logins (not loaded from login_cache.tdb)
Andrew Bartlett
abartlet at samba.org
Sat Oct 14 06:15:04 UTC 2017
On Fri, 2017-10-06 at 11:54 -0400, Daryl Anthony Chouinard via samba
wrote:
> I found out the answer to why the bad password count was failing by
> following the stack trace
>
> If anyone has the same problem, this was caused by my access rights being
> too restrictive.
> source/passdb/Init_sam_from_ldap.c:1064 => There is a "goto fn_exit;" in
> case ldapsam_get_entry_timestamp() fails before the cache is read via
> login_cache_read. This function will fail if it cannot retrieve the
> modifyTimestamp attribute of the user entry
>
> At log level 10, the relevant log line appears:
> [...] ../source3/lib/smbldap.c:90(smbldap_talloc_single_attribute)
> Attribute modifyTimestamp does not exist
>
> The samba user needs read access to the modifyTimestamp attributes of all
> the users
>
> In the hopes this will be useful to someone,
> Daryl Anthony Chouinard
Thanks for getting back to us. I'm very glad to hear this isn't an
issue for most users, as sadly we don't have an automated testsuite for
the NT4/classic LDAP backend.
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list