Hi, not all Samba-LDAP attributes that are listed in the Samba3-LDAP-Schema are working yet. IMHO the only source that mentions it clearly is the Samba HOWTO.
Please refer to "http://de3.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html#id2582136" and search for "LDAP Special Attributes for sambaSamAccounts". Cheers, Christian =========================================================== Christian Rost roCon - Informationstechnologie Glatzer Weg 4 44534 Lünen fon: +49 (0) 2306 910 658 fax: +49 (0) 2306 910 664 url: http://www.rocon-it.de --------Axel Werner <m...@awerner.homeip.net> wrote-------- Subject: [Samba] Samba 3.0.24 + LDAP - User Lockout not working Date: 12.02.2009 16:30 >Hi, > >im trying to setup a password policy with samba and openldap. while >lockout works perfect on openldap it looks like it does not work with my >samba. > >Ive set "sambaLockoutThreshold" to 3 and "sambaLockoutDuration" to -1 >(lockout forever) within the Domain-Object in LDAP. So i expect whenever >a windows user does 3 false logon attemps his samba account will be >LOCKED forever, until reseted by an admin. >If i peek those parameters with "pdbedit -P" it will confirm my >konfiguration. so it looks fine. >I also found the "sambaBadPasswordCount" Attribute in every User-Object >in the LDAP tree. Default is 0 >Now i do several false login attempts from my windows xp workstation >(usualy 5 attempts) and recheck that "sambaBadPasswordCount" Attribute >in that specific userobject. STILL showing 0 !! >btw: the "admin" object that is configured in smb.conf has all the >permissions to access and write ALL attributes of any object in my DIT. > >Does anyone knows this Problem ?!? im lost! > >i use Debian 4.0 with the debian packages for Samba 3.0.24 and openldap. > > > > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba