Re: [Samba] Samba 3.0.24 + LDAP - User Lockout not working

Fri, 13 Feb 2009 01:35:21 -0800 

Hi Christian, thanks fer Answer.
Is yours an OFFICIAL Answer to this problem ?? I cannot find ANY documents telling about not used or not implemented functionality on user lockout or those ldap attributes neither. So its hard to believe that those things are "spare" or "unused" even after YEARS. 


I found some realy old mailinglist postsing from 2004 with exactly the 
same problem. So it seems this isnt realy new stuff.

http://lists.samba.org/archive/samba/2004-July/089429.html

Whats going on here ?!

thanks fer help
regards Axel



Am 13.02.2009 09:50, Christian Rost schrieb:

Hi,


not all Samba-LDAP attributes that are listed in the Samba3-LDAP-Schema are working yet. IMHO the only source that mentions it clearly is the Samba HOWTO. 


Please refer to 
"http://de3.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html#id2582136"; and 
search for "LDAP Special Attributes for sambaSamAccounts".

Cheers,

Christian




===========================================================
Christian Rost
roCon - Informationstechnologie
Glatzer Weg 4

44534 Lünen

fon: +49 (0) 2306 910 658
fax: +49 (0) 2306 910 664
url: http://www.rocon-it.de



--------Axel Werner <m...@awerner.homeip.net> wrote--------
Subject: [Samba] Samba 3.0.24 + LDAP - User Lockout not working
Date: 12.02.2009 16:30


  

Hi,


im trying to setup a password policy with samba and openldap. while 
lockout works perfect on openldap it looks like it does not work with my 
samba.



Ive set "sambaLockoutThreshold" to 3  and "sambaLockoutDuration" to -1 
(lockout forever) within the Domain-Object in LDAP. So i expect whenever 
a windows user does 3 false logon attemps his samba account will be 
LOCKED forever, until reseted by an admin.
If i peek those parameters with "pdbedit -P" it will confirm my 
konfiguration. so it looks fine.
I also found the "sambaBadPasswordCount" Attribute in every User-Object 
in the LDAP tree. Default is 0
Now i do several false login attempts from my windows xp workstation 
(usualy 5 attempts) and recheck that "sambaBadPasswordCount" Attribute 
in that specific userobject. STILL showing 0 !!
btw: the "admin" object that is configured in smb.conf has all the 
permissions to access and write ALL attributes of any object in my DIT.


Does anyone knows this Problem ?!? im lost!

i use Debian 4.0 with the debian packages for Samba 3.0.24 and openldap.




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


    



  

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba






















					Reply via email to