On Wednesday, November 27, 2002, at 09:12 AM, Steve Langasek wrote:
With Win95/98 it might not be such an issue. If you have any memberWell, as migration to Windows 2000 Professional on the desktop is gradually taking place, it becomes an issue if the Samba server cannot be a domain controller.... I believe there may also be at least one Windows NT Server that is a domain member server as well.....
servers in your domain, it IS an issue, because the only way to get
recent versions of Windows to negotiate plaintext auth is for the server
to say it does NOT support encrypted passwords, and a server that doesn't
support encrypted passwords cannot be a DC.
Well, it sounds to me then that the only way to support this is to add the support to Samba itself, via a new smb.conf option such as 'max failed login attempts = n' for example. And then either use the /var/log/faillog that is used by pam_tally, for compatibility with the system authentication, or store the number of failed Samba logon attempts independantly, in a field of smbpasswd, or elsewhere.
--
Jim Morris ([EMAIL PROTECTED])
