I wanted to use the sambaBadPasswordCount to limit the amount of failed logins on
Windows clients within our SAMBA Domain. I created the following attributes within my
LDAP server:
attributetype ( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount'
        DESC 'Bad password attempt count'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime'
        DESC 'Time of the last bad password attempt'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
I also added these attributes to the "may" field on the sambaSamAccount objectclass,
but I cannot get the attribute to increment on failed login attempts on my Windows
client. I have tried to lock the account by changing the attributes
sambaBadPasswordCount=5 and sambaBadPasswordTime=2147483647, but when I run the pdbedit
command the SAMBA administrator account changes the values back to "0" and the user is
allowed in. In addition, if I set sambaBadPasswordCount=5 and
sambaBadPasswordTime=2147483647 and I log in successfully on the Windows client, the
"Last bad password" and "Bad password count" are set back to 0 by the administrator.
Does anyone know if the 3.0.4 locking is working with an LDAP backend yet? I've got it
working for a local passwd database. If there is already documentation out there to
configure this setup could someone point me to it?
If not, I already have a 3.0.2 server in production and I would like to keep it
instead of upgrading. Are there patches that can be applied to use failed password
attempts on SAMBA domains?
I need to write some documentation for our environment and I'd be happy to share it
with the SAMBA community after completion. Any assistance would truly be appreciated.
Thank you.
Patrick Hoferer