I thought I would ask here to see if anyone has had a similar situation and a
solution.
We've got a SunOne Directory Server set up to authenticate our users on Linux.
To get shared authentication with Windows, we set up Samba (2.0.33 as ships
with CentOS 5) and the smbldap-tools.
What we need to do is get account locking to work across the board...such that
if a user fails 5 times on a Windows machine, they will be locked out on the
Linux systems as well....and vice versa.
Here's what I'm seeing:
On Windows, failing authentication updates the "Bad Password Count" in Samba;
additionally, it adds a "pwdfailuretime" to the LDAP server. This is good, and
is what we would like to see.
Fail 2, similar
Fail 3, similar
Fail 4, similar
On Fail 5, what seems to be happening is that the LDAP server puts in its 5th
pwdfailuretime item, thereby locking the account, and essentially preventing
Windows/Samba from updating the final sambabadpasswordcount number....so
Windows is eternally stuck at 4 failures. Entering a bad password on the
Windows side says "There is a problem with the account", but entering the
correct password lets the user right in.
That's problem one. I can clarify any of this if needed.
The other thing we want to be able to do is have 5 failures by a user on
Linux lock out the Windows accounts as well. Any idea how to do that?
Thanks for any hints or conversations we can start about this. :)