Hello guys! I'm using samba 3.2.4 (binaries from samba.org) on SLES9+sp3.
I am building a PDC with LDAP support (I am attaching my config files), and I'm also using ldapsam:trusted and ldapsam:editposix. Although I am setting the account lock after 3 failed tries in usrmgr, and verified that the parameters are actually set in the LDAP, no locking occurs.

I started thinking that it was my fault, since I generate my own LDIF from a small app I created that reads a Windows AD and creates/fills an OpenLDAP with the relevant info that Linux (posix account information) and Samba need, just like my "own" "net vampire", just that mine reads a native AD and migrates to Samba; it just defaults passwords to 1-8. Cool, eh? ;)

Since everything seems to have worked OK except for the account locking, I rebuilt the server from scratch using "net sam provision" and created an extra account, joined a machine, but still it seems account locking is not working on Samba 3.2.4.

Any ideas/suggestions are welcome.

Victor Medina

**************
Some relevant steps I did to set it up
**************
smbpasswd -w 12345678
net idmap secret DEFAULT 12345678
net idmap secret alloc 12345678
rcwinbind restart
net sam provision
smbpasswd administrator
net rpc rights grant "c1.ve\administrator" SeMachineAccountPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeRemoteShutdownPrivilege SeDiskOperatorPrivilege SeTakeOwnershipPrivilege -U administrator
rcsmb start && rcnmb start && rcwinbind start

***********************************
SMB.conf (global)
***********************************
[global]
workgroup = C1.VE
netbios name = PDC-EPA1
security = user
guest account = Invitado
map to guest = Bad User
enable privileges = yes
server string =
time server = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
domain logons = yes
domain master = yes
os level = 65
preferred master = yes
wins support = yes
deadtime = 20
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
encrypt passwords = yes
passdb backend = ldapsam:ldap://127.0.0.1
ldap admin dn = cn=Administrador,dc=xxxx
ldap suffix = dc=c1,c=ve,dc=xxx
ldap user suffix = ou=people
ldap group suffix = ou=group
ldap machine suffix = ou=people
ldap delete dn = yes
ldap passwd sync = yes
ldapsam:trusted = yes
ldapsam:editposix = yes
idmap domains = DEFAULT
idmap config DEFAULT:backend = ldap
idmap config DEFAULT:readonly = no
idmap config DEFAULT:default = yes
idmap config DEFAULT:ldap_base_dn = ou=idmap,dc=c1,c=ve,dc=xxx
idmap config DEFAULT:ldap_user_dn = cn=Administrador,dc=xxx
idmap config DEFAULT:ldap_url = ldap://127.0.0.1
idmap config DEFAULT:range = 10000-100000
idmap alloc backend = ldap
idmap alloc config:ldap_base_dn = ou=idmap,dc=c1,c=ve,dc=xxx
idmap alloc config:ldap_user_dn = cn=Administrador,dc=xxx
idmap alloc config:ldap_url = ldap://127.0.0.1
idmap alloc config:range = 10000-100000
printing = cups
printcap name = cups
show add printer wizard = yes
load printers = yes
create mask = 0640
directory mask = 0750
force create mode = 0640
force directory mode = 0750
preserve case = yes
short preserve case = yes
case sensitive = no
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1
nt acl support = yes

***********************
slapd.conf
***********************
modulepath /usr/lib/openldap/modules
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba3.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to attrs=userPassword,userPKCS12 by self write by * auth
access to attrs=shadowLastChange by self write by * read
access to * by * read
loglevel -1
database bdb
suffix "dc=xxx"
rootdn "cn=Administrador,dc=xxx"
rootpw "{SSHA}xxx"
directory /var/lib/ldap/
checkpoint 1024 5
cachesize 10000
index objectClass,uidNumber,gidNumber,memberUid eq
index member,mail eq,pres
index cn,displayname,uid,sn,givenname sub,eq,pres
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
index default sub

*****************************
LDIF:
*****************************
# This file was generated on 2008-11-05 at 11:20:00
# from the ldap://172.16.152.200:389 (bound as cn=Administrador,dc=xxxx)
# by Softerra LDAP Administrator v3 [ http://www.ldapadministrator.com ]

dn: c=ve,dc=xxxx
c: ve
objectClass: top
objectClass: country
description: Infraestructura Tecnologica - Venezuela

dn: dc=c1,c=ve,dc=xxxx
dc: c1
objectClass: dcObject
objectClass: organizationalUnit
ou: Tienda 1 / Oficina Central xxxx / Venezuela
description: xxxx / Oficina Central EPA / Venezuela

dn: ou=people,dc=c1,c=ve,dc=xxxx
objectClass: top
objectClass: organizationalUnit
ou: people

dn: ou=group,dc=c1,c=ve,dc=xxxx
objectClass: top
objectClass: organizationalUnit
ou: group

dn: ou=idmap,dc=c1,c=ve,dc=xxxx
objectClass: top
objectClass: organizationalUnit
objectClass: sambaUnixIdPool
ou: idmap
gidNumber: 10016
uidNumber: 10004

dn: sambaDomainName=C1.VE,dc=c1,c=ve,dc=xxxx
sambaDomainName: C1.VE
sambaSID: S-1-5-21-1230964018-1252349843-1944742870
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain
sambaNextUserRid: 1000
sambaRefuseMachinePwdChange: 0
sambaNextRid: 1002
sambaLockoutDuration: -1
sambaLockoutObservationWindow: 30
sambaLockoutThreshold: 3
sambaMinPwdLength: 5
sambaPwdHistoryLength: 5
sambaLogonToChgPwd: 0
sambaMaxPwdAge: 7776000
sambaMinPwdAge: 0
sambaForceLogoff: -1

dn: cn=domusers,ou=group,dc=c1,c=ve,dc=xxxx
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: domusers
displayName: Domain Users
gidNumber: 10000
sambaSID: S-1-5-21-1230964018-1252349843-1944742870-513
sambaGroupType: 2

dn: cn=domadmins,ou=group,dc=c1,c=ve,dc=xxxx
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: domadmins
displayName: Domain Admins
gidNumber: 10001
sambaSID: S-1-5-21-1230964018-1252349843-1944742870-512
sambaGroupType: 2

dn: uid=Administrator,ou=people,dc=c1,c=ve,dc=xxxx
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
uid: Administrator
cn: Administrator
displayName: Administrator
uidNumber: 10000
gidNumber: 10001
homeDirectory: /home/C1.VE/Administrator
loginShell: /bin/false
sambaSID: S-1-5-21-1230964018-1252349843-1944742870-500
sambaNTPassword: 259745CB123A52AA2E693AAACCA2DB52
sambaPasswordHistory: 0000000000000000000000000000000000000000000000000000000000000000
sambaPwdLastSet: 1225815211
sambaAcctFlags: [U ]
userPassword: {SSHA}YP8U0rTihCaNlp83JlS+ZWJv4jyEFhH8
sambaProfilePath:: IA==

dn: uid=Invitado,ou=people,dc=c1,c=ve,dc=xxxx
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
uid: Invitado
cn: Invitado
displayName: Invitado
uidNumber: 10001
gidNumber: 10000
homeDirectory: /
loginShell: /bin/false
sambaSID: S-1-5-21-1230964018-1252349843-1944742870-501
sambaAcctFlags: [DU ]

dn: sambaSID=S-1-5-32-544,ou=group,dc=c1,c=ve,dc=xxxx
objectClass: sambaSidEntry
objectClass: sambaGroupMapping
sambaSID: S-1-5-32-544
sambaGroupType: 4
displayName: Administrators
gidNumber: 10002
sambaSIDList: S-1-5-21-1230964018-1252349843-1944742870-512

dn: sambaSID=S-1-5-32-545,ou=group,dc=c1,c=ve,dc=xxxx
objectClass: sambaSidEntry
objectClass: sambaGroupMapping
sambaSID: S-1-5-32-545
sambaGroupType: 4
displayName: Users
gidNumber: 10003
sambaSIDList: S-1-5-21-1230964018-1252349843-1944742870-513

dn: uid=FERRETER-PRUQ3Z$,ou=people,dc=c1,c=ve,dc=xxxx
uid: FERRETER-PRUQ3Z$
sambaSID: S-1-5-21-1230964018-1252349843-1944742870-1001
sambaAcctFlags: [W ]
objectClass: sambaSamAccount
objectClass: account
objectClass: posixAccount
cn: FERRETER-PRUQ3Z$
uidNumber: 10002
gidNumber: 10000
homeDirectory: /home/C1.VE/SMB_workstations_home
loginShell: /bin/false
sambaNTPassword: B055ADEFB17BCC6E6FAC8D1AC4A74DF9
sambaPwdLastSet: 1225815330

dn: uid=test001,ou=people,dc=c1,c=ve,dc=xxxx
uid: test001
sambaSID: S-1-5-21-1230964018-1252349843-1944742870-1002
objectClass: sambaSamAccount
objectClass: account
objectClass: posixAccount
cn: test001
uidNumber: 10003
gidNumber: 10000
homeDirectory: /home/C1.VE/test001
loginShell: /bin/false
sambaKickoffTime: 0
sambaNTPassword: AD396BEB5A4668D740B3A9ADC48655A8
sambaPasswordHistory: B2AA5A8D71A95E53A0B4F943CDF222B2F54631924E73FE70C98B6731A1656B04000000000000
 0000000000000000000000000000000000000000000000000000000000000000000000000000
 0000000000000000000000000000000000000000000000000000000000000000000000000000
 0000000000000000000000000000000000000000000000000000000000000000000000000000
 0000000000000000
sambaPwdLastSet: 1225815887
userPassword: {SSHA}nRA+2FYkZPXKBN1wri6HBcuTk2ZA6zqP
sambaProfilePath:: IA==
sambaAcctFlags: [U ]
sambaBadPasswordTime: 0
sambaBadPasswordCount: 0
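
Added example, not part of the original post: a small Python check that reads an LDIF export like the one above and compares each sambaSamAccount's sambaBadPasswordCount and sambaAcctFlags against the domain's sambaLockoutThreshold. The sample LDIF is constructed (test002, test003 and their values are invented), the function names are hypothetical, and it assumes Samba marks an auto-locked account with 'L' in sambaAcctFlags and treats a threshold of 0 as lockout disabled.

```python
# Constructed sample: attribute names and the threshold follow the post's LDIF;
# test002/test003 and their counters/flags are invented for illustration.
SAMPLE_LDIF = """\
dn: sambaDomainName=C1.VE,dc=c1,c=ve,dc=xxxx
objectClass: sambaDomain
sambaLockoutThreshold: 3

dn: uid=test001,ou=people,dc=c1,c=ve,dc=xxxx
objectClass: sambaSamAccount
sambaAcctFlags: [U          ]
sambaBadPasswordCount: 0

dn: uid=test002,ou=people,
 dc=c1,c=ve,dc=xxxx
objectClass: sambaSamAccount
sambaAcctFlags: [U          ]
sambaBadPasswordCount: 5

dn: uid=test003,ou=people,dc=c1,c=ve,dc=xxxx
objectClass: sambaSamAccount
sambaAcctFlags: [UL         ]
sambaBadPasswordCount: 3
"""

def parse_ldif(text):
    """Parse LDIF into a list of {lowercased attribute: [values]} dicts."""
    entries, cur = [], {}
    # Unfold continuation lines (newline + one space), then split on blank lines.
    for line in text.replace("\n ", "").splitlines() + [""]:
        if line.strip() and not line.startswith("#"):
            name, _, value = line.partition(":")
            cur.setdefault(name.lower(), []).append(value.strip())
        elif not line.strip() and cur:
            entries.append(cur)
            cur = {}
    return entries

def lockout_report(entries):
    """Return (threshold, {dn: 'locked' | 'over-threshold-not-locked' | 'ok'})."""
    domain = next(e for e in entries if "sambaDomain" in e.get("objectclass", []))
    threshold = int(domain.get("sambalockoutthreshold", ["0"])[0])  # assumed: 0 = disabled
    accounts = {}
    for e in entries:
        if "sambaSamAccount" in e.get("objectclass", []):
            count = int(e.get("sambabadpasswordcount", ["0"])[0])
            locked = "L" in e.get("sambaacctflags", [""])[0]  # assumed: 'L' = auto-locked
            over = threshold > 0 and count >= threshold
            accounts[e["dn"][0]] = ("locked" if locked else
                                    "over-threshold-not-locked" if over else "ok")
    return threshold, accounts
```

Run over a fresh export taken after a few deliberate bad logons with a test account, a counter that stays at 0 shows the count is not being written to LDAP, while "over-threshold-not-locked" shows the count is written but the lock flag is never set.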