[Samba] winbind and locking accounts?
Rowland penny
rpenny at samba.org
Tue Jul 30 15:15:18 UTC 2019
On 30/07/2019 15:39, Jeff Sadowski via samba wrote:
> winbindd -V
> Failed to create /var/log/samba/cores for user 11490 with mode 0700
> Unable to setup corepath for winbindd: Permission denied
> Version 4.10.5
>
> cat /etc/samba/smb.conf
> [global]
> log level = 3 winbind:5
> winbind cache time = 10
> security = ads
> realm = SUB.DOMAIN
> workgroup = SUB
> idmap config * : backend = tdb
> idmap config * : range = 2000-7999
> idmap config SUB:backend = ad
> idmap config SUB:schema_mode = rfc2307
> idmap config SUB:range = 8000-9999999
> idmap config SUB:unix_nss_info = yes
> idmap config SUB:unix_primary_group = yes
> winbind use default domain = yes
> restrict anonymous = 2
>
> On Tue, Jul 30, 2019 at 8:11 AM Jeff Sadowski <jeff.sadowski at gmail.com> wrote:
>> One of my colleagues at work brought to my attention that they could
>> continuously attempt different passwords on a linux machine connected
>> via AD via winbind. I did a test or too and it appears not to lock the
>> account after numerous attempts. Is there a way to get the behavior
>> like windows where too many invalid passwords puts a temporary lock on
>> the account?
It should work, this was implemented back at Samba 4.2.0, what does this
show:
samba-tool domain passwordsettings show
Note: there is a 60 minute grace period with the old password.
Rowland
More information about the samba
mailing list