[Samba] winbind and locking accounts?

Jeff Sadowski jeff.sadowski at gmail.com
Tue Jul 30 14:39:37 UTC 2019

winbindd -V
Failed to create /var/log/samba/cores for user 11490 with mode 0700
Unable to setup corepath for winbindd: Permission denied
Version 4.10.5

cat /etc/samba/smb.conf
   log level = 3 winbind:5
   winbind cache time = 10
   security = ads
   realm = SUB.DOMAIN
   workgroup = SUB
   idmap config * : backend = tdb
   idmap config * : range = 2000-7999
   idmap config SUB:backend = ad
   idmap config SUB:schema_mode = rfc2307
   idmap config SUB:range = 8000-9999999
   idmap config SUB:unix_nss_info = yes
   idmap config SUB:unix_primary_group = yes
   winbind use default domain = yes
   restrict anonymous = 2

On Tue, Jul 30, 2019 at 8:11 AM Jeff Sadowski <jeff.sadowski at gmail.com> wrote:
> One of my colleagues at work brought to my attention that  they could
> continuously attempt different passwords on a linux machine connected
> via AD via winbind. I did a test or too and it appears not to lock the
> account after numerous attempts. Is there a way to get the behavior
> like windows where too many invalid passwords puts a temporary lock on
> the account?

More information about the samba mailing list