Re: [Samba] another question about account locking

2011-01-17 Thread Kevin Taylor
t want to always fail the account, only when it's locked. Is there something in ldap.conf that can be remapped to read this correctly? > Date: Fri, 14 Jan 2011 03:56:29 +0900 > Subject: Re: [Samba] another question about account locking > From: mo...@monyo.com > To: groucho.64.

[Samba] another question about account locking

2011-01-13 Thread Kevin Taylor
+0900 > Subject: Re: [Samba] another question about account locking > From: mo...@monyo.com > To: groucho.64...@hotmail.com > CC: samba@lists.samba.org > > 2011/1/14 Kevin Taylor : > > > I did give it a try with no luck. However, I'm not sure that the way the

Re: [Samba] another question about account locking

2011-01-13 Thread TAKAHASHI Motonobu
2011/1/14 Kevin Taylor : > I did give it a try with no luck. However, I'm not sure that the way the pam > rules I have set out would cause that to trip anyway. > > On most of our linux machines, we'd have the system-auth looking like this > (what is the default generated by system-config-authent

Re: [Samba] another question about account locking

2011-01-13 Thread Kevin Taylor
on share accesses, but it's really the interactive logins I need to lock. Sorry if I'm being difficult about it. :) > Date: Fri, 14 Jan 2011 03:38:05 +0900 > Subject: Re: [Samba] another question about account locking > From: mo...@monyo.com > To: groucho.64...@hotmail.c

Re: [Samba] another question about account locking

2011-01-13 Thread TAKAHASHI Motonobu
2011/1/14 Kevin Taylor : > Unfortunately, that doesn't work. Since we're using an LDAP backend, we had > to turn on 'encrypt > passwords=yes' which bypasses the pam checking. Have you actually tried it? To set "obey pam restrictions = yes", Samba obeys PAM's restriction. For example, try: ---

Re: [Samba] another question about account locking

2011-01-13 Thread Kevin Taylor
Unfortunately, that doesn't work. Since we're using an LDAP backend, we had to turn on 'encrypt passwords=yes' which bypasses the pam checking. > Date: Fri, 14 Jan 2011 02:51:58 +0900 > Subject: Re: [Samba] another question about account locking > From: mo.

Re: [Samba] another question about account locking

2011-01-13 Thread Bruce Richardson
On Fri, Jan 14, 2011 at 02:51:58AM +0900, TAKAHASHI Motonobu wrote: > 2011/1/13 Kevin Taylor : > > > > Is there a way that we can increment the samba bad password count, when a > > user fails a password on a linux system? I'm looking for ways to get both > > Windows and Linux to simultaneously lo

Re: [Samba] another question about account locking

2011-01-13 Thread TAKAHASHI Motonobu
2011/1/13 Kevin Taylor : > > Is there a way that we can increment the samba bad password count, when a > user fails a password on a linux system? I'm looking for ways to get both > Windows and Linux to simultaneously lock out accounts if they fail so many > times. We're using an LDAP backend. H

[Samba] another question about account locking

2011-01-13 Thread Kevin Taylor
Is there a way that we can increment the samba bad password count, when a user fails a password on a linux system? I'm looking for ways to get both Windows and Linux to simultaneously lock out accounts if they fail so many times. We're using an LDAP backend.