Hello! Some days ago we migrated our production domain from Windows NT 4.0 to Samba 3.3.4 (Yes - such migrations still happen these days :-)). After migration we noticed, that from time to time the domain adminstrator account gets locked - pdbedit shows the flags [UXL]. It is easy to activated the account again, but nevertheless it unexpected and unwanted. To my knowledge, the domain administrator is not affected by the automatic locking mechanism which comes into effect following repeated login attempts using an incorrect password. In addition, the behaviour is not reproduceable in a seperated test-network, that was cleanly built up from scratch and uses the same software versions (Operating system, smbldap- tools, slapd from Debian 5.0.1, Sernet-Samba-3.3.4).
Since production and test network are both LDAP-based I compared the ldifs of both accounts. Differences found so far: The account in the test system has the attributes sambaBadPasswordCount and sambaBadPasswordTime unset while in production system they have a value of 0. Adopting the values does not change the behaviour. Does anyone know, what other criteria/attributes/circumstances might dispose Samba to autolock the account? Thanks and greetings from Biefeld, Stefan Oberwahrenbrock -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba