Re: [Samba] Samba 3.2.4 not locking accounts?
Great to hear it. If you need to get me to test any patches feel free to ask.

Jeremy Allison wrote:
> On Wed, Nov 05, 2008 at 05:01:15PM +, David Markey wrote:
>> https://bugzilla.samba.org/show_bug.cgi?id=5825
>> I raised this bug a while ago experiencing what you are. Nobody seems to have done much about it.
>
> Not forgotten about it. I'm trying to get someone to look at this asap. I'll make sure it's a showstopper for next release.
>
> Thanks, Jeremy.

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 3.2.4 not locking accounts?
OK! Nice, thanks! =)

-----Original Message-----
From: Jeremy Allison [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 06, 2008 12:13 a.m.
To: David Markey
Cc: Victor Medina; samba@lists.samba.org
Subject: Re: [Samba] Samba 3.2.4 not locking accounts?

On Wed, Nov 05, 2008 at 05:01:15PM +, David Markey wrote:
> https://bugzilla.samba.org/show_bug.cgi?id=5825
> I raised this bug a while ago experiencing what you are. Nobody seems to have done much about it.

Not forgotten about it. I'm trying to get someone to look at this asap. I'll make sure it's a showstopper for next release.

Thanks, Jeremy.
Re: [Samba] Samba 3.2.4 not locking accounts?
On Wed, Nov 05, 2008 at 10:55:57PM -, [EMAIL PROTECTED] wrote:
> I can confirm that 3.0.32 does lock out accounts, I'll be going back to that until the issue is fixed in 3.2.x

Ok, can you try the following patch for 3.2.x and 3.3.x ? (Thanks for BoYang @ Novell for tracking down the underlying issue !).

Jeremy.

diff --git a/source/passdb/pdb_interface.c b/source/passdb/pdb_interface.c index cd34c89..dd9fd1b 100644 --- a/source/passdb/pdb_interface.c +++ b/source/passdb/pdb_interface.c @@ -1150,7 +1150,9 @@ static NTSTATUS pdb_default_rename_sam_account (struct pdb_methods *methods, str static NTSTATUS pdb_default_update_login_attempts (struct pdb_methods *methods, struct samu *newpwd, bool success) { - return NT_STATUS_NOT_IMPLEMENTED; + /* Only the pdb_nds backend implements this, by +* default just return ok. */ + return NT_STATUS_OK; } static NTSTATUS pdb_default_get_account_policy(struct pdb_methods *methods, int policy_index, uint32 *value)
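Review bot: In pdb_default_update_login_attempts the default now returns NT_STATUS_OK without looking at newpwd or success, so a caller can no longer tell a backend that recorded the attempt from one that has no implementation at all. The added comment says only that pdb_nds implements the hook; it should also say why the default has to report success (which caller treated NT_STATUS_NOT_IMPLEMENTED as a failure), so that a later cleanup does not switch it back. The message names both 3.2.x and 3.3.x as targets, so the hunk needs checking against each branch before it is applied.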
Re: [Samba] Samba 3.2.4 not locking accounts?
Just applied it and it locked out the account (Yay), now I'm waiting 30 mins to see if it unlocks the account after that time, which it should.

Jeremy Allison wrote:
> On Wed, Nov 05, 2008 at 10:55:57PM -, [EMAIL PROTECTED] wrote:
>> I can confirm that 3.0.32 does lock out accounts, I'll be going back to that until the issue is fixed in 3.2.x
>
> Ok, can you try the following patch for 3.2.x and 3.3.x ? (Thanks for BoYang @ Novell for tracking down the underlying issue !).
>
> Jeremy.
Re: [Samba] Samba 3.2.4 not locking accounts?
Compiling! Gonna give it a try! Thanks!

On Thu, 06-11-2008 at 06:16 -0800, Jeremy Allison wrote:

diff --git a/source/passdb/pdb_interface.c b/source/passdb/pdb_interface.c index cd34c89..dd9fd1b 100644 --- a/source/passdb/pdb_interface.c +++ b/source/passdb/pdb_interface.c @@ -1150,7 +1150,9 @@ static NTSTATUS pdb_default_rename_sam_account (struct pdb_methods *methods, str static NTSTATUS pdb_default_update_login_attempts (struct pdb_methods *methods, struct samu *newpwd, bool success) { - return NT_STATUS_NOT_IMPLEMENTED; + /* Only the pdb_nds backend implements this, by +* default just return ok. */ + return NT_STATUS_OK; } static NTSTATUS pdb_default_get_account_policy(struct pdb_methods *methods, int policy_index, uint32 *value)
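Review bot: The second line of the added comment, "+* default just return ok. */", starts directly after the "+" while the lines around it are indented. Re-indent it so the "*" lines up under the opening "/*", and confirm that no whitespace has been lost from the other "+" lines before applying this quoted copy of the patch.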
Re: [Samba] Samba 3.2.4 not locking accounts?
Ok that seems to work properly. When is 3.2.5 expected out?

David Markey wrote:
> Just applied it and it locked out the account (Yay), now I'm waiting 30 mins to see if it unlocks the account after that time, which it should.
>
> Jeremy Allison wrote:
>> On Wed, Nov 05, 2008 at 10:55:57PM -, [EMAIL PROTECTED] wrote:
>>> I can confirm that 3.0.32 does lock out accounts, I'll be going back to that until the issue is fixed in 3.2.x
>>
>> Ok, can you try the following patch for 3.2.x and 3.3.x ? (Thanks for BoYang @ Novell for tracking down the underlying issue !).
>>
>> Jeremy.
Re: [Samba] Samba 3.2.4 not locking accounts?
On Thu, Nov 06, 2008 at 03:05:53PM +, David Markey wrote:
> Ok that seems to work properly. When is 3.2.5 expected out?

Karolin (our release manager) is on vacation at the moment. We'll probably coordinate next week and discuss a timeframe then.
[Samba] Samba 3.2.4 not locking accounts?
Hello guys!

I'm using samba 3.2.4 (binaries from samba.org) on SLES9+sp3. I am building a PDC with LDAP support (I am attaching my config files), I'm also using ldapsam:trusted and ldapsam:editposix. Although I am setting the account lock after 3 failed tries in usrmgr, and verified that the parameters are actually set in the LDAP, no locking occurs.

I started thinking that it was my fault, since I generate my own ldif from a small app I created that reads a Windows AD and creates/fills an OpenLDAP with the relevant info that Linux (posix account information) and Samba needs, just like my own net vampire, just that mine reads a native AD and migrates to Samba, it just defaults passwords to 1-8. cool! eh? ;)

Since everything seemed to work OK except for the account locking, I rebuilt the server from scratch using net sam provision and created an extra account, joined a machine, but still it seems account locking is not working on samba 3.2.4.

Any ideas/suggestions are welcome?

Victor Medina

** Some relevant steps i did to set it up **

smbpasswd -w 12345678
net idmap secret DEFAULT 12345678
net idmap secret alloc 12345678
rcwinbind restart
net sam provision
smbpasswd administrator
net rpc rights grant c1.ve\administrator SeMachineAccountPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeRemoteShutdownPrivilege SeDiskOperatorPrivilege SeTakeOwnershipPrivilege -U administrator
rcsmb start
rcnmb start
rcwinbind start

*** SMB.conf (global) ***

[global]
    workgroup = C1.VE
    netbios name = PDC-EPA1
    security = user
    guest account = Invitado
    map to guest = Bad User
    enable privileges = yes
    server string =
    time server = yes
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    domain logons = yes
    domain master = yes
    os level = 65
    preferred master = yes
    wins support = yes
    deadtime = 20
    dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
    encrypt passwords = yes
    passdb backend = ldapsam:ldap://127.0.0.1
    ldap admin dn = cn=Administrador,dc=
    ldap suffix = dc=c1,c=ve,dc=xxx
    ldap user suffix = ou=people
    ldap group suffix = ou=group
    ldap machine suffix = ou=people
    ldap delete dn = yes
    ldap passwd sync = yes
    ldapsam:trusted = yes
    ldapsam:editposix = yes
    idmap domains = DEFAULT
    idmap config DEFAULT:backend = ldap
    idmap config DEFAULT:readonly = no
    idmap config DEFAULT:default = yes
    idmap config DEFAULT:ldap_base_dn = ou=idmap,dc=c1,c=ve,dc=xxx
    idmap config DEFAULT:ldap_user_dn = cn=Administrador,dc=xxx
    idmap config DEFAULT:ldap_url = ldap://127.0.0.1
    idmap config DEFAULT:range = 1-10
    idmap alloc backend = ldap
    idmap alloc config:ldap_base_dn = ou=idmap,dc=c1,c=ve,dc=xxx
    idmap alloc config:ldap_user_dn = cn=Administrador,dc=xxx
    idmap alloc config:ldap_url = ldap://127.0.0.1
    idmap alloc config:range = 1-10
    printing = cups
    printcap name = cups
    show add printer wizard = yes
    load printers = yes
    create mask = 0640
    directory mask = 0750
    force create mode = 0640
    force directory mode = 0750
    preserve case = yes
    short preserve case = yes
    case sensitive = no
    mangling method = hash2
    Dos charset = 850
    Unix charset = ISO8859-1
    nt acl support = yes

*** slapd.conf ***

modulepath /usr/lib/openldap/modules
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba3.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
access to dn.base= by * read
access to dn.base=cn=Subschema by * read
access to attrs=userPassword,userPKCS12 by self write by * auth
access to attrs=shadowLastChange by self write by * read
access to * by * read
loglevel -1
database bdb
suffix dc=xxx
rootdn cn=Administrador,dc=xxx
rootpw {SSHA}xxx
directory /var/lib/ldap/
checkpoint 1024 5
cachesize 1
index
Re: [Samba] Samba 3.2.4 not locking accounts?
https://bugzilla.samba.org/show_bug.cgi?id=5825

I raised this bug a while ago experiencing what you are. Nobody seems to have done much about it.

Victor Medina wrote:
> Hello guys!
>
> I'm using samba 3.2.4 (binaries from samba.org) on SLES9+sp3. I am building a PDC with LDAP support (I am attaching my config files), I'm also using ldapsam:trusted and ldapsam:editposix. Although I am setting the account lock after 3 failed tries in usrmgr, and verified that the parameters are actually set in the LDAP, no locking occurs.
>
> I started thinking that it was my fault, since I generate my own ldif from a small app I created that reads a Windows AD and creates/fills an OpenLDAP with the relevant info that Linux (posix account information) and Samba needs, just like my own net vampire, just that mine reads a native AD and migrates to Samba, it just defaults passwords to 1-8. cool! eh? ;)
>
> Since everything seemed to work OK except for the account locking, I rebuilt the server from scratch using net sam provision and created an extra account, joined a machine, but still it seems account locking is not working on samba 3.2.4.
>
> Any ideas/suggestions are welcome?
Re: [Samba] Samba 3.2.4 not locking accounts?
Yeap! I saw your post while googling for the problem, just before posting. Thanks!

Victor Medina

On Wed, 05-11-2008 at 17:01 +, David Markey wrote:
> https://bugzilla.samba.org/show_bug.cgi?id=5825
>
> I raised this bug a while ago experiencing what you are. Nobody seems to have done much about it.
>
> Victor Medina wrote:
>> Hello guys!
>>
>> I'm using samba 3.2.4 (binaries from samba.org) on SLES9+sp3. I am building a PDC with LDAP support (I am attaching my config files), I'm also using ldapsam:trusted and ldapsam:editposix. Although I am setting the account lock after 3 failed tries in usrmgr, and verified that the parameters are actually set in the LDAP, no locking occurs.
>>
>> I started thinking that it was my fault, since I generate my own ldif from a small app I created that reads a Windows AD and creates/fills an OpenLDAP with the relevant info that Linux (posix account information) and Samba needs, just like my own net vampire, just that mine reads a native AD and migrates to Samba, it just defaults passwords to 1-8. cool! eh? ;)
>>
>> Since everything seemed to work OK except for the account locking, I rebuilt the server from scratch using net sam provision and created an extra account, joined a machine, but still it seems account locking is not working on samba 3.2.4.
>>
>> Any ideas/suggestions are welcome?
Re: [Samba] Samba 3.2.4 not locking accounts?
I can confirm that 3.0.32 does lock out accounts, I'll be going back to that until the issue is fixed in 3.2.x

> Yeap! I saw your post while googling for the problem, just before posting. Thanks!
>
> Victor Medina
>
> On Wed, 05-11-2008 at 17:01 +, David Markey wrote:
>> https://bugzilla.samba.org/show_bug.cgi?id=5825
>>
>> I raised this bug a while ago experiencing what you are. Nobody seems to have done much about it.
>>
>> Victor Medina wrote:
>>> Hello guys!
>>>
>>> I'm using samba 3.2.4 (binaries from samba.org) on SLES9+sp3. I am building a PDC with LDAP support (I am attaching my config files), I'm also using ldapsam:trusted and ldapsam:editposix. Although I am setting the account lock after 3 failed tries in usrmgr, and verified that the parameters are actually set in the LDAP, no locking occurs.
>>>
>>> I started thinking that it was my fault, since I generate my own ldif from a small app I created that reads a Windows AD and creates/fills an OpenLDAP with the relevant info that Linux (posix account information) and Samba needs, just like my own net vampire, just that mine reads a native AD and migrates to Samba, it just defaults passwords to 1-8. cool! eh? ;)
>>>
>>> Since everything seemed to work OK except for the account locking, I rebuilt the server from scratch using net sam provision and created an extra account, joined a machine, but still it seems account locking is not working on samba 3.2.4.
>>>
>>> Any ideas/suggestions are welcome?
Re: [Samba] Samba 3.2.4 not locking accounts?
On Wed, Nov 05, 2008 at 05:01:15PM +, David Markey wrote:
> https://bugzilla.samba.org/show_bug.cgi?id=5825
> I raised this bug a while ago experiencing what you are. Nobody seems to have done much about it.

Not forgotten about it. I'm trying to get someone to look at this asap. I'll make sure it's a showstopper for next release.

Thanks, Jeremy.