[Samba] winbind and locking accounts?

Joachim Lindenberg samba at lindenberg.one
Tue Jul 30 18:03:42 UTC 2019

If you require sufficient entropy for passwords, then locking users on failed attempts is actually a bad idea, because it is trivial to lock user´s accounts (a denial of service), whereas it is almost impossible to actually guess the right one. Locking accounts is only a good idea if the secrets are small, like the pin of a credit card.
Regards, Joachim

-----Ursprüngliche Nachricht-----
Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Jeff Sadowski via samba
Gesendet: Tuesday, 30 July 2019 16:12
An: samba <samba at lists.samba.org>
Betreff: [Samba] winbind and locking accounts?

One of my colleagues at work brought to my attention that  they could continuously attempt different passwords on a linux machine connected via AD via winbind. I did a test or too and it appears not to lock the account after numerous attempts. Is there a way to get the behavior like windows where too many invalid passwords puts a temporary lock on the account?

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list