The format of the sambaDomainName object in the DIT (I've masked the
sensitive information, don't let the ?'s and #'s throw you):
Distinguished Name: sambaDomainName=????,??=???,??=???
ObjectClasses sambaDomain
Attributes
sambaAlgorithmicRidBase 1000
sambaDomainName ????
sambaNextUserRid 1000
sambaSID #-#-#-##-##########-#########-##########
The attributes sambapwdhistorylength, sambalockoutthreshold,
sambamaxpwdage are not included in the definition of the sambaDomainName
object. Any ideas? The searching I've done indicates the attributes
sambapwdhistorylength, sambalockoutthreshold, sambamaxpwdage should be
included, in our case, they are not.
Thanks for any assistance,
Rob Mottishaw
Rob Mottishaw wrote:
Receive the following errors when users authenticate with LDAP schema
file included with Sun DS 5.2:
ERROR<5897> - Schema - conn=-1 op=-1 msgId=-1 - User error: Entry
"sambaDomainName=????????,??=???,??=???", attribute
"sambapwdhistorylength" is not allowed
ERROR<5897> - Schema - conn=-1 op=-1 msgId=-1 - User error: Entry
"sambaDomainName=????????,??=???,??=???", attribute
"sambalockoutthreshold" is not allowed
ERROR<5897> - Schema - conn=-1 op=-1 msgId=-1 - User error: Entry
"sambaDomainName=????????,??=???,??=???", attribute "sambamaxpwdage"
is not allowed
The authentication is succdessful, yet these errors are logged
multiple times. Checked in the schema file for SAMBA 3.0.x sent with
Sun DS 5.2, and indeed, the attributes sambapwdhistorylength,
sambalockoutthreshold, and sambamaxpwdage are not among those listed
in the schema file for SAMBA 3.0.x. Is there an updated schema file
or a way to configure the authentication to remove the verification of
these attributes?
Thank you,
Rob Mottishaw
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
