From: David Hoskinson <[email protected]> Date: Thu, 15 Sep 2011 08:18:22 -0500
> After moving from Redhat AS4 to RHEL 5.5 we started noticing these > error messages in the messages log. (snip) > LDAP server has had no changes to it, or its schema. > /var/log/messages: > Sep 15 12:51:39 xxx301 smbd[22218]: [2011/09/15 12:51:39, 0] > passdb/passdb.c:pdb_increment_bad_password_count(1477) > Sep 15 12:51:39 xxx301 smbd[22218]: pdb_increment_bad_password_count: > pdb_get_account_policy failed. > Sep 15 12:51:53 xxx301 smbd[22218]: [2011/09/15 12:51:53, 0] > lib/util_sock.c:read_data(540) > Sep 15 12:51:53 xxx301 smbd[22218]: read_data: read failure for 4 bytes to > client 192.168.x.x. Error = Connection > Old system: > samba-common-3.0.10-1.4E.6 > samba-client-3.0.10-1.4E.6 > samba-3.0.10-1.4E.6 > New system > samba-common-3.0.33-3.29.el5_6.2 > samba-3.0.33-3.29.el5_6.2 After Samba 3.0.21, the information for account policy became stored in LDAP, instead of local tdb file if using LDAP as passdb backend. So you have to set LDAP attributes about account policy in your LDAP directory correctly. In my env, here is settings about accont policy and other domain specific attributes: # ldapsearch -Y EXTERNAL -H ldapi:/// -b dc=sambadom,dc=local '(sambaDomainName=SAMBADOM)' (snip) # SAMBADOM, sambadom.local dn: sambaDomainName=SAMBADOM,dc=sambadom,dc=local sambaDomainName: SAMBADOM sambaSID: S-1-5-21-1179644376-2526199691-xxxxxxxxxx sambaAlgorithmicRidBase: 1000 objectClass: sambaDomain sambaNextUserRid: 1000 sambaRefuseMachinePwdChange: 0 sambaLockoutDuration: 30 sambaLockoutObservationWindow: 30 sambaLockoutThreshold: 0 sambaMinPwdLength: 7 sambaPwdHistoryLength: 0 sambaLogonToChgPwd: 1 sambaMaxPwdAge: -1 sambaMinPwdAge: 0 sambaForceLogoff: -1 sambaNextRid: 1021 --- TAKAHASHI Motonobu <[email protected]> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
