Re: [Samba] Samba 3.0.24 + LDAP - User Lockout not working
On Fri, Feb 13, 2009 at 10:33:03AM +0100, Axel Werner wrote: > Is yours an OFFICIAL Answer to this problem ?? I cannot find ANY > documents telling about not used or not implemented functionality on > user lockout or those ldap attributes neither. So its hard to believe > that those things are "spare" or "unused" even after YEARS. > > I found some realy old mailinglist postsing from 2004 with exactly the > same problem. So it seems this isnt realy new stuff. > http://lists.samba.org/archive/samba/2004-July/089429.html > > Whats going on here ?! Please take a look at https://bugzilla.samba.org/show_bug.cgi?id=5825 There is at least one user for whom it finally worked, even in a PDC/BDC scenario. Volker pgpAWu3tfTHe0.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.0.24 + LDAP - User Lockout not working
Hi Christian, thanks fer Answer. Is yours an OFFICIAL Answer to this problem ?? I cannot find ANY documents telling about not used or not implemented functionality on user lockout or those ldap attributes neither. So its hard to believe that those things are "spare" or "unused" even after YEARS. I found some realy old mailinglist postsing from 2004 with exactly the same problem. So it seems this isnt realy new stuff. http://lists.samba.org/archive/samba/2004-July/089429.html Whats going on here ?! thanks fer help regards Axel Am 13.02.2009 09:50, Christian Rost schrieb: Hi, not all Samba-LDAP attributes that are listed in the Samba3-LDAP-Schema are working yet. IMHO the only source that mentions it clearly is the Samba HOWTO. Please refer to "http://de3.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html#id2582136"; and search for "LDAP Special Attributes for sambaSamAccounts". Cheers, Christian === Christian Rost roCon - Informationstechnologie Glatzer Weg 4 44534 Lünen fon: +49 (0) 2306 910 658 fax: +49 (0) 2306 910 664 url: http://www.rocon-it.de Axel Werner wrote Subject: [Samba] Samba 3.0.24 + LDAP - User Lockout not working Date: 12.02.2009 16:30 Hi, im trying to setup a password policy with samba and openldap. while lockout works perfect on openldap it looks like it does not work with my samba. Ive set "sambaLockoutThreshold" to 3 and "sambaLockoutDuration" to -1 (lockout forever) within the Domain-Object in LDAP. So i expect whenever a windows user does 3 false logon attemps his samba account will be LOCKED forever, until reseted by an admin. If i peek those parameters with "pdbedit -P" it will confirm my konfiguration. so it looks fine. I also found the "sambaBadPasswordCount" Attribute in every User-Object in the LDAP tree. Default is 0 Now i do several false login attempts from my windows xp workstation (usualy 5 attempts) and recheck that "sambaBadPasswordCount" Attribute in that specific userobject. STILL showing 0 !! btw: the "admin" object that is configured in smb.conf has all the permissions to access and write ALL attributes of any object in my DIT. Does anyone knows this Problem ?!? im lost! i use Debian 4.0 with the debian packages for Samba 3.0.24 and openldap. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
RE: [Samba] Samba 3.0.24 + LDAP - User Lockout not working
Hi, not all Samba-LDAP attributes that are listed in the Samba3-LDAP-Schema are working yet. IMHO the only source that mentions it clearly is the Samba HOWTO. Please refer to "http://de3.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html#id2582136"; and search for "LDAP Special Attributes for sambaSamAccounts". Cheers, Christian === Christian Rost roCon - Informationstechnologie Glatzer Weg 4 44534 Lünen fon: +49 (0) 2306 910 658 fax: +49 (0) 2306 910 664 url: http://www.rocon-it.de Axel Werner wrote Subject: [Samba] Samba 3.0.24 + LDAP - User Lockout not working Date: 12.02.2009 16:30 >Hi, > >im trying to setup a password policy with samba and openldap. while >lockout works perfect on openldap it looks like it does not work with my >samba. > >Ive set "sambaLockoutThreshold" to 3 and "sambaLockoutDuration" to -1 >(lockout forever) within the Domain-Object in LDAP. So i expect whenever >a windows user does 3 false logon attemps his samba account will be >LOCKED forever, until reseted by an admin. >If i peek those parameters with "pdbedit -P" it will confirm my >konfiguration. so it looks fine. >I also found the "sambaBadPasswordCount" Attribute in every User-Object >in the LDAP tree. Default is 0 >Now i do several false login attempts from my windows xp workstation >(usualy 5 attempts) and recheck that "sambaBadPasswordCount" Attribute >in that specific userobject. STILL showing 0 !! >btw: the "admin" object that is configured in smb.conf has all the >permissions to access and write ALL attributes of any object in my DIT. > >Does anyone knows this Problem ?!? im lost! > >i use Debian 4.0 with the debian packages for Samba 3.0.24 and openldap. > > > > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba