[Samba] winbind and locking accounts?

Jeff Sadowski jeff.sadowski at gmail.com
Tue Jul 30 16:43:51 UTC 2019


Looks like samba-tool would only run on a Samba AD server anyways? I
get a bunch of errors when I try running it:

sudo samba-tool domain passwordsettings show
ltdb: tdb(/var/lib/samba/private/sam.ldb): tdb_open_ex: could not open
file /var/lib/samba/private/sam.ldb: No such file or directory

Unable to open tdb '/var/lib/samba/private/sam.ldb': No such file or directory
Failed to connect to 'tdb:///var/lib/samba/private/sam.ldb' with
backend 'tdb': Unable to open tdb '/var/lib/samba/private/sam.ldb': No
such file or directory
ERROR(ldb): uncaught exception - Unable to open tdb
'/var/lib/samba/private/sam.ldb': No such file or directory
  File "/usr/lib64/python3.7/site-packages/samba/netcmd/__init__.py",
line 185, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib64/python3.7/site-packages/samba/netcmd/domain.py",
line 1299, in run
    credentials=creds, lp=lp)
  File "/usr/lib64/python3.7/site-packages/samba/samdb.py", line 67, in __init__
    options=options)
  File "/usr/lib64/python3.7/site-packages/samba/__init__.py", line
115, in __init__
    self.connect(url, flags, options)
  File "/usr/lib64/python3.7/site-packages/samba/samdb.py", line 82, in connect
    options=options)

On Tue, Jul 30, 2019 at 10:36 AM Jeff Sadowski <jeff.sadowski at gmail.com> wrote:
>
> This is a MS AD environment with a 2008R2 server.
> The client is Linux but does not have samba-tool installed. Is there
> another command I can use as a client?
> It wants to install samba-dc for samba-tool.
>
> On Tue, Jul 30, 2019 at 9:16 AM Rowland penny via samba
> <samba at lists.samba.org> wrote:
> >
> > On 30/07/2019 15:39, Jeff Sadowski via samba wrote:
> > > winbindd -V
> > > Failed to create /var/log/samba/cores for user 11490 with mode 0700
> > > Unable to setup corepath for winbindd: Permission denied
> > > Version 4.10.5
> > >
> > > cat /etc/samba/smb.conf
> > > [global]
> > >     log level = 3 winbind:5
> > >     winbind cache time = 10
> > >     security = ads
> > >     realm = SUB.DOMAIN
> > >     workgroup = SUB
> > >     idmap config * : backend = tdb
> > >     idmap config * : range = 2000-7999
> > >     idmap config SUB:backend = ad
> > >     idmap config SUB:schema_mode = rfc2307
> > >     idmap config SUB:range = 8000-9999999
> > >     idmap config SUB:unix_nss_info = yes
> > >     idmap config SUB:unix_primary_group = yes
> > >     winbind use default domain = yes
> > >     restrict anonymous = 2
> > >
> > > On Tue, Jul 30, 2019 at 8:11 AM Jeff Sadowski <jeff.sadowski at gmail.com> wrote:
> > >> One of my colleagues at work brought to my attention that they could
> > >> continuously attempt different passwords on a Linux machine connected
> > >> via AD via winbind. I did a test or two and it appears not to lock the
> > >> account after numerous attempts. Is there a way to get the behavior
> > >> like Windows where too many invalid passwords puts a temporary lock on
> > >> the account?
> >
> > It should work; this was implemented back at Samba 4.2.0. What does this
> > show:
> >
> > samba-tool domain passwordsettings show
> >
> > Note: there is a 60 minute grace period with the old password.
> >
> > Rowland


