[Samba] winbind and locking accounts?
Jeff Sadowski
jeff.sadowski at gmail.com
Tue Jul 30 16:36:15 UTC 2019
This is a MS AD environment with a 2008R2 server
The client is linux but does not have samba-tool installed is there
another command I can use as a client
it wants to install samba-dc for samba-tool
On Tue, Jul 30, 2019 at 9:16 AM Rowland penny via samba
<samba at lists.samba.org> wrote:
>
> On 30/07/2019 15:39, Jeff Sadowski via samba wrote:
> > winbindd -V
> > Failed to create /var/log/samba/cores for user 11490 with mode 0700
> > Unable to setup corepath for winbindd: Permission denied
> > Version 4.10.5
> >
> > cat /etc/samba/smb.conf
> > [global]
> > log level = 3 winbind:5
> > winbind cache time = 10
> > security = ads
> > realm = SUB.DOMAIN
> > workgroup = SUB
> > idmap config * : backend = tdb
> > idmap config * : range = 2000-7999
> > idmap config SUB:backend = ad
> > idmap config SUB:schema_mode = rfc2307
> > idmap config SUB:range = 8000-9999999
> > idmap config SUB:unix_nss_info = yes
> > idmap config SUB:unix_primary_group = yes
> > winbind use default domain = yes
> > restrict anonymous = 2
> >
> > On Tue, Jul 30, 2019 at 8:11 AM Jeff Sadowski <jeff.sadowski at gmail.com> wrote:
> >> One of my colleagues at work brought to my attention that they could
> >> continuously attempt different passwords on a linux machine connected
> >> via AD via winbind. I did a test or too and it appears not to lock the
> >> account after numerous attempts. Is there a way to get the behavior
> >> like windows where too many invalid passwords puts a temporary lock on
> >> the account?
>
> It should work, this was implemented back at Samba 4.2.0, what does this
> show:
>
> samba-tool domain passwordsettings show
>
> Note: there is a 60 minute grace period with the old password.
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list