Re: [Samba] another question about account locking

2011-01-17 Thread Kevin Taylor
the account, only when it's locked. Is there something in ldap.conf that can be remapped to read this correctly? Date: Fri, 14 Jan 2011 03:56:29 +0900 Subject: Re: [Samba] another question about account locking From: mo...@monyo.com To: groucho.64...@hotmail.com CC: samba@lists.samba.org 2011

[Samba] another question about account locking

2011-01-13 Thread Kevin Taylor
Is there a way that we can increment the samba bad password count, when a user fails a password on a linux system? I'm looking for ways to get both Windows and Linux to simultaneously lock out accounts if they fail so many times. We're using an LDAP backend.

Re: [Samba] another question about account locking

2011-01-13 Thread TAKAHASHI Motonobu
2011/1/13 Kevin Taylor groucho.64...@hotmail.com: Is there a way that we can increment the samba bad password count, when a user fails a password on a linux system? I'm looking for ways to get both Windows and Linux to simultaneously lock out accounts if they fail so many times. We're

Re: [Samba] another question about account locking

2011-01-13 Thread Bruce Richardson
On Fri, Jan 14, 2011 at 02:51:58AM +0900, TAKAHASHI Motonobu wrote: 2011/1/13 Kevin Taylor groucho.64...@hotmail.com: Is there a way that we can increment the samba bad password count, when a user fails a password on a linux system? I'm looking for ways to get both Windows and Linux to

Re: [Samba] another question about account locking

2011-01-13 Thread Kevin Taylor
Unfortunately, that doesn't work. Since we're using an LDAP backend, we had to turn on 'encrypt passwords=yes' which bypasses the pam checking. Date: Fri, 14 Jan 2011 02:51:58 +0900 Subject: Re: [Samba] another question about account locking From: mo...@monyo.com To: groucho.64

Re: [Samba] another question about account locking

2011-01-13 Thread TAKAHASHI Motonobu
2011/1/14 Kevin Taylor groucho.64...@hotmail.com: Unfortunately, that doesn't work. Since we're using an LDAP backend, we had to turn on 'encrypt passwords=yes' which bypasses the pam checking. Have you actually tried it? To set obey pam restrictions = yes, Samba obeys PAM's restriction.

Re: [Samba] another question about account locking

2011-01-13 Thread Kevin Taylor
, but it's really the interactive logins I need to lock. Sorry if I'm being difficult about it. :) Date: Fri, 14 Jan 2011 03:38:05 +0900 Subject: Re: [Samba] another question about account locking From: mo...@monyo.com To: groucho.64...@hotmail.com CC: samba@lists.samba.org 2011/1/14 Kevin

Re: [Samba] another question about account locking

2011-01-13 Thread TAKAHASHI Motonobu
2011/1/14 Kevin Taylor groucho.64...@hotmail.com: I did give it a try with no luck. However, I'm not sure that the way the pam rules I have set out would cause that to trip anyway. On most of our linux machines, we'd have the system-auth looking like this (what is the default generated by

[Samba] another question about account locking

2011-01-13 Thread Kevin Taylor
] another question about account locking From: mo...@monyo.com To: groucho.64...@hotmail.com CC: samba@lists.samba.org 2011/1/14 Kevin Taylor groucho.64...@hotmail.com: I did give it a try with no luck. However, I'm not sure that the way the pam rules I have set out would cause