[Samba] winbind and locking accounts?

Jeff Sadowski jeff.sadowski at gmail.com
Wed Jul 31 15:00:08 UTC 2019

I would still like to temporarily lock the account after 5 attempts
(set in AD) and lock the account for 30 minutes (also set in AD) It
makes it harder for someone guessing

On Tue, Jul 30, 2019 at 12:03 PM Joachim Lindenberg
<samba at lindenberg.one> wrote:
> If you require sufficient entropy for passwords, then locking users on failed attempts is actually a bad idea, because it is trivial to lock user´s accounts (a denial of service), whereas it is almost impossible to actually guess the right one. Locking accounts is only a good idea if the secrets are small, like the pin of a credit card.
> Regards, Joachim
> -----Ursprüngliche Nachricht-----
> Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Jeff Sadowski via samba
> Gesendet: Tuesday, 30 July 2019 16:12
> An: samba <samba at lists.samba.org>
> Betreff: [Samba] winbind and locking accounts?
> One of my colleagues at work brought to my attention that  they could continuously attempt different passwords on a linux machine connected via AD via winbind. I did a test or too and it appears not to lock the account after numerous attempts. Is there a way to get the behavior like windows where too many invalid passwords puts a temporary lock on the account?
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list