I thought I would ask here to see if anyone has had a similar situation and a 
solution.

We've got a SunOne Directory Server set up to authenticate our users on Linux. 
To get shared authentication with Windows, we set up Samba (2.0.33 as ships 
with CentOS 5) and the smbldap-tools.

What we need to do is get account locking to work across the board... such that 
if a user fails 5 times on a Windows machine, they will be locked out on the 
Linux systems as well... and vice versa.

Here's what I'm seeing:

On Windows, failing authentication updates the "Bad Password Count" in Samba; 
additionally, it adds a "pwdfailuretime" to the LDAP server. This is good, and 
is what we would like to see.

Fail 2, similar
Fail 3, similar
Fail 4, similar

On Fail 5, what seems to be happening is that the LDAP server puts in its 5th 
pwdfailuretime item, thereby locking the account, and essentially preventing 
Windows/Samba from updating the final sambabadpasswordcount number... so 
Windows is eternally stuck at 4 failures. Entering a bad password on the 
Windows side says "There is a problem with the account", but entering the 
correct password lets the user right in.

That's problem one. I can clarify any of this if needed.

The other thing we want to be able to do is that if a user fails 5 times on 
Linux, it will lock out the Windows accounts. Any idea how to do that?

Thanks for any hints or conversations we can start about this. :)
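
An audit for the mismatch described above, as an added example that is not part of the original message: it reads an LDIF export and flags entries where the directory's pwdFailureTime count and Samba's sambaBadPasswordCount disagree about whether the account is locked. The DNs, sample entries, function names and the simplified LDIF parsing (no folded or base64 lines) are constructed assumptions, as is treating a Samba count at the threshold as locked.

```python
from collections import defaultdict

LOCKOUT_THRESHOLD = 5  # the post's policy: lock after 5 failed attempts


def make_entry(uid, samba_count, dir_failures):
    """Build one constructed LDIF record (sample data, not from a real directory)."""
    lines = [f"dn: uid={uid},ou=People,dc=example,dc=com",
             f"sambaBadPasswordCount: {samba_count}"]
    lines += [f"pwdFailureTime: 200901011200{i:02d}Z" for i in range(dir_failures)]
    return "\n".join(lines)


# alice: the post's "stuck at 4" case; bob: failures counted only by the directory.
SAMPLE_LDIF = "\n\n".join([
    make_entry("alice", 4, 5), make_entry("bob", 0, 5),
    make_entry("carol", 2, 2), make_entry("dave", 5, 3),
])


def parse_ldif(text):
    """Yield {lowercased attribute: [values]} per blank-line-separated record."""
    for block in text.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if sep and not line.startswith((" ", "#")):
                entry[name.strip().lower()].append(value.strip())
        if "dn" in entry:
            yield entry


def lockout_state(entry, threshold=LOCKOUT_THRESHOLD):
    """Compare the directory's view of lockout with Samba's counter."""
    dir_locked = len(entry.get("pwdfailuretime", [])) >= threshold
    # Assumption: Samba treats a count at or above the threshold as locked.
    samba_locked = int(entry.get("sambabadpasswordcount", ["0"])[0]) >= threshold
    if dir_locked == samba_locked:
        return "in_sync"
    return ("directory_locked_samba_behind" if dir_locked
            else "samba_locked_directory_behind")


def audit(text):
    """Map each DN in the export to its lockout consistency state."""
    return {e["dn"][0]: lockout_state(e) for e in parse_ldif(text)}


if __name__ == "__main__":
    for dn, state in audit(SAMPLE_LDIF).items():
        print(f"{state:32} {dn}")
```
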


                                          