Yep! I saw your post while googling for the problem, just before posting. Thanks!

Victor Medina

On Wed, 05-11-2008 at 17:01 +0000, David Markey wrote:
> https://bugzilla.samba.org/show_bug.cgi?id=5825
>
> I raised this bug a while ago experiencing what you are. Nobody seems to
> have done much about it.
>
> Victor Medina wrote:
> > Hello guys!
> >
> > I'm using samba 3.2.4 (binaries from samba.org) on SLES9+sp3.
> >
> > I am building a PDC with LDAP support (I am attaching my config files),
> > I'm also using ldapsam:trusted and ldapsam:editposix.
> >
> > Although I am setting the account lock after 3 failed tries in usrmgr,
> > and verified that the parameters are actually set in the LDAP, no
> > locking occurs.
> >
> > I started thinking that it was my fault, since I generate my own ldif
> > from a small app I created that reads a Windows AD and creates/fills an
> > OpenLDAP with the relevant info that Linux (posix account information)
> > and Samba needs, just like my "own" "net vampire", just that mine reads
> > a native AD and migrates to Samba, it just defaults passwords to 1-8.
> >
> > cool! eh? ;)
> >
> > Since everything seemed to work OK except for the account locking, I
> > rebuilt the server from scratch using "net sam provision" and created
> > an extra account, joined a machine, but still it seems account locking
> > is not working on samba 3.2.4.
> >
> > any ideas/suggestions are welcome?
> >
> > Victor Medina
> >
> > **************
> > Some relevant steps I did to set it up
> > **************
> >
> > smbpasswd -w 12345678
> > net idmap secret DEFAULT 12345678
> > net idmap secret alloc 12345678
> > rcwinbind restart
> > net sam provision
> > smbpasswd administrator
> > net rpc rights grant "c1.ve\administrator" SeMachineAccountPrivilege
> > SePrintOperatorPrivilege SeAddUsersPrivilege SeRemoteShutdownPrivilege
> > SeDiskOperatorPrivilege SeTakeOwnershipPrivilege -U administrator
> >
> > rcsmb start && rcnmb start && rcwinbind start
> >
> > ***********************************
> > SMB.conf (global)
> > ***********************************
> >
> > [global]
> > workgroup = C1.VE
> > netbios name = PDC-EPA1
> > security = user
> > guest account = Invitado
> > map to guest = Bad User
> > enable privileges = yes
> > server string =
> > time server = yes
> > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> > domain logons = yes
> > domain master = yes
> > os level = 65
> > preferred master = yes
> > wins support = yes
> > deadtime = 20
> > dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
> > encrypt passwords = yes
> > passdb backend = ldapsam:ldap://127.0.0.1
> > ldap admin dn = cn=Administrador,dc=xxxx
> > ldap suffix = dc=c1,c=ve,dc=xxx
> > ldap user suffix = ou=people
> > ldap group suffix = ou=group
> > ldap machine suffix = ou=people
> > ldap delete dn = yes
> > ldap passwd sync = yes
> >
> > ldapsam:trusted = yes
> > ldapsam:editposix = yes
> >
> > idmap domains = DEFAULT
> > idmap config DEFAULT:backend = ldap
> > idmap config DEFAULT:readonly = no
> > idmap config DEFAULT:default = yes
> > idmap config DEFAULT:ldap_base_dn = ou=idmap,dc=c1,c=ve,dc=xxx
> > idmap config DEFAULT:ldap_user_dn = cn=Administrador,dc=xxx
> > idmap config DEFAULT:ldap_url = ldap://127.0.0.1
> > idmap config DEFAULT:range = 10000-100000
> >
> > idmap alloc backend = ldap
> > idmap alloc config:ldap_base_dn = ou=idmap,dc=c1,c=ve,dc=xxx
> > idmap alloc config:ldap_user_dn = cn=Administrador,dc=xxx
> > idmap alloc config:ldap_url = ldap://127.0.0.1
> > idmap alloc config:range = 10000-100000
> >
> > printing = cups
> > printcap name = cups
> > show add printer wizard = yes
> > load printers = yes
> >
> > create mask = 0640
> > directory mask = 0750
> > force create mode = 0640
> > force directory mode = 0750
> > preserve case = yes
> > short preserve case = yes
> > case sensitive = no
> > mangling method = hash2
> > Dos charset = 850
> > Unix charset = ISO8859-1
> > nt acl support = yes
> >
> > ***********************
> > slapd.conf
> > ***********************
> >
> > modulepath /usr/lib/openldap/modules
> > include /etc/openldap/schema/core.schema
> > include /etc/openldap/schema/cosine.schema
> > include /etc/openldap/schema/inetorgperson.schema
> > include /etc/openldap/schema/nis.schema
> > include /etc/openldap/schema/samba3.schema
> >
> > pidfile /var/run/slapd/slapd.pid
> > argsfile /var/run/slapd/slapd.args
> >
> > access to dn.base=""
> >     by * read
> >
> > access to dn.base="cn=Subschema"
> >     by * read
> >
> > access to attrs=userPassword,userPKCS12
> >     by self write
> >     by * auth
> >
> > access to attrs=shadowLastChange
> >     by self write
> >     by * read
> >
> > access to *
> >     by * read
> >
> > loglevel -1
> >
> > database bdb
> > suffix "dc=xxx"
> > rootdn "cn=Administrador,dc=xxx"
> > rootpw "{SSHA}xxx"
> > directory /var/lib/ldap/
> >
> > checkpoint 1024 5
> > cachesize 10000
> >
> > index objectClass,uidNumber,gidNumber,memberUid eq
> > index member,mail eq,pres
> > index cn,displayname,uid,sn,givenname sub,eq,pres
> > index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
> > index default sub
> >
> > *****************************
> > LDIF:
> > *****************************
> > # This file was generated on 2008-11-05 at 11:20:00
> > # from the ldap://172.16.152.200:389 (bound as
> > cn=Administrador,dc=xxxx)
> > # by Softerra LDAP Administrator v3
> > [ http://www.ldapadministrator.com ]
> > dn: c=ve,dc=xxxx
> > c: ve
> > objectClass: top
> > objectClass: country
> > description: Infraestructura Tecnologica - Venezuela
> >
> > dn: dc=c1,c=ve,dc=xxxx
> > dc: c1
> > objectClass: dcObject
> > objectClass: organizationalUnit
> > ou: Tienda 1 / Oficina Central xxxx / Venezuela
> > description: xxxx / Oficina Central EPA / Venezuela
> >
> > dn: ou=people,dc=c1,c=ve,dc=xxxx
> > objectClass: top
> > objectClass: organizationalUnit
> > ou: people
> >
> > dn: ou=group,dc=c1,c=ve,dc=xxxx
> > objectClass: top
> > objectClass: organizationalUnit
> > ou: group
> >
> > dn: ou=idmap,dc=c1,c=ve,dc=xxxx
> > objectClass: top
> > objectClass: organizationalUnit
> > objectClass: sambaUnixIdPool
> > ou: idmap
> > gidNumber: 10016
> > uidNumber: 10004
> >
> > dn: sambaDomainName=C1.VE,dc=c1,c=ve,dc=xxxx
> > sambaDomainName: C1.VE
> > sambaSID: S-1-5-21-1230964018-1252349843-1944742870
> > sambaAlgorithmicRidBase: 1000
> > objectClass: sambaDomain
> > sambaNextUserRid: 1000
> > sambaRefuseMachinePwdChange: 0
> > sambaNextRid: 1002
> > sambaLockoutDuration: -1
> > sambaLockoutObservationWindow: 30
> > sambaLockoutThreshold: 3
> > sambaMinPwdLength: 5
> > sambaPwdHistoryLength: 5
> > sambaLogonToChgPwd: 0
> > sambaMaxPwdAge: 7776000
> > sambaMinPwdAge: 0
> > sambaForceLogoff: -1
> >
> > dn: cn=domusers,ou=group,dc=c1,c=ve,dc=xxxx
> > objectClass: posixGroup
> > objectClass: sambaGroupMapping
> > cn: domusers
> > displayName: Domain Users
> > gidNumber: 10000
> > sambaSID: S-1-5-21-1230964018-1252349843-1944742870-513
> > sambaGroupType: 2
> >
> > dn: cn=domadmins,ou=group,dc=c1,c=ve,dc=xxxx
> > objectClass: posixGroup
> > objectClass: sambaGroupMapping
> > cn: domadmins
> > displayName: Domain Admins
> > gidNumber: 10001
> > sambaSID: S-1-5-21-1230964018-1252349843-1944742870-512
> > sambaGroupType: 2
> >
> > dn: uid=Administrator,ou=people,dc=c1,c=ve,dc=xxxx
> > objectClass: account
> > objectClass: posixAccount
> > objectClass: sambaSamAccount
> > uid: Administrator
> > cn: Administrator
> > displayName: Administrator
> > uidNumber: 10000
> > gidNumber: 10001
> > homeDirectory: /home/C1.VE/Administrator
> > loginShell: /bin/false
> > sambaSID: S-1-5-21-1230964018-1252349843-1944742870-500
> > sambaNTPassword: 259745CB123A52AA2E693AAACCA2DB52
> > sambaPasswordHistory:
> >  0000000000000000000000000000000000000000000000000000000000000000
> > sambaPwdLastSet: 1225815211
> > sambaAcctFlags: [U ]
> > userPassword: {SSHA}YP8U0rTihCaNlp83JlS+ZWJv4jyEFhH8
> > sambaProfilePath::
> >  IA==
> >
> > dn: uid=Invitado,ou=people,dc=c1,c=ve,dc=xxxx
> > objectClass: account
> > objectClass: posixAccount
> > objectClass: sambaSamAccount
> > uid: Invitado
> > cn: Invitado
> > displayName: Invitado
> > uidNumber: 10001
> > gidNumber: 10000
> > homeDirectory: /
> > loginShell: /bin/false
> > sambaSID: S-1-5-21-1230964018-1252349843-1944742870-501
> > sambaAcctFlags: [DU ]
> >
> > dn: sambaSID=S-1-5-32-544,ou=group,dc=c1,c=ve,dc=xxxx
> > objectClass: sambaSidEntry
> > objectClass: sambaGroupMapping
> > sambaSID: S-1-5-32-544
> > sambaGroupType: 4
> > displayName: Administrators
> > gidNumber: 10002
> > sambaSIDList: S-1-5-21-1230964018-1252349843-1944742870-512
> >
> > dn: sambaSID=S-1-5-32-545,ou=group,dc=c1,c=ve,dc=xxxx
> > objectClass: sambaSidEntry
> > objectClass: sambaGroupMapping
> > sambaSID: S-1-5-32-545
> > sambaGroupType: 4
> > displayName: Users
> > gidNumber: 10003
> > sambaSIDList: S-1-5-21-1230964018-1252349843-1944742870-513
> >
> > dn: uid=FERRETER-PRUQ3Z$,ou=people,dc=c1,c=ve,dc=xxxx
> > uid: FERRETER-PRUQ3Z$
> > sambaSID: S-1-5-21-1230964018-1252349843-1944742870-1001
> > sambaAcctFlags: [W ]
> > objectClass: sambaSamAccount
> > objectClass: account
> > objectClass: posixAccount
> > cn: FERRETER-PRUQ3Z$
> > uidNumber: 10002
> > gidNumber: 10000
> > homeDirectory: /home/C1.VE/SMB_workstations_home
> > loginShell: /bin/false
> > sambaNTPassword: B055ADEFB17BCC6E6FAC8D1AC4A74DF9
> > sambaPwdLastSet: 1225815330
> >
> > dn: uid=test001,ou=people,dc=c1,c=ve,dc=xxxx
> > uid: test001
> > sambaSID: S-1-5-21-1230964018-1252349843-1944742870-1002
> > objectClass: sambaSamAccount
> > objectClass: account
> > objectClass: posixAccount
> > cn: test001
> > uidNumber: 10003
> > gidNumber: 10000
> > homeDirectory: /home/C1.VE/test001
> > loginShell: /bin/false
> > sambaKickoffTime: 0
> > sambaNTPassword: AD396BEB5A4668D740B3A9ADC48655A8
> > sambaPasswordHistory:
> >  B2AA5A8D71A95E53A0B4F943CDF222B2F54631924E73FE70C98B6731A1656B04000000000000
> >  0000000000000000000000000000000000000000000000000000000000000000000000000000
> >  0000000000000000000000000000000000000000000000000000000000000000000000000000
> >  0000000000000000000000000000000000000000000000000000000000000000000000000000
> >  0000000000000000
> > sambaPwdLastSet: 1225815887
> > userPassword: {SSHA}nRA+2FYkZPXKBN1wri6HBcuTk2ZA6zqP
> > sambaProfilePath::
> >  IA==
> > sambaAcctFlags: [U ]
> > sambaBadPasswordTime: 0
> > sambaBadPasswordCount: 0

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
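An added example, not part of the thread or of Samba: a small audit over an LDIF export like the one quoted above. It reads the domain's sambaLockoutThreshold and lists accounts whose sambaBadPasswordCount has reached it while sambaAcctFlags lacks the L (auto-lock) flag. The sample data and the function names parse_ldif and audit_lockout are made up for the illustration.

```python
import base64

SAMPLE_LDIF = """\
# Constructed sample shaped like the LDIF quoted above; all values are made up.
dn: sambaDomainName=EXAMPLE,dc=example
objectClass: sambaDomain
sambaLockoutThreshold: 3

dn: uid=bob,ou=people,
 dc=example
objectClass: sambaSamAccount
sambaAcctFlags: [U          ]
sambaProfilePath:: IA==
sambaBadPasswordCount: 7

dn: uid=carol,ou=people,dc=example
objectClass: sambaSamAccount
sambaAcctFlags: [UL         ]
sambaBadPasswordCount: 3
"""

def parse_ldif(text):
    """Parse LDIF into dicts of lowercased attribute name -> list of values."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # undo LDIF line folding
    entries = []
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in (l for l in block.split("\n") if l and not l.startswith("#")):
            attr, _, value = line.partition(":")
            value = (base64.b64decode(value[1:]).decode("utf-8", "replace")
                     if value.startswith(":") else value.strip())  # "attr:: <base64>"
            entry.setdefault(attr.lower(), []).append(value)
        if entry:
            entries.append(entry)
    return entries

def audit_lockout(entries):
    """Return (threshold, [(dn, bad_count)]) for accounts at/over threshold without L."""
    get = lambda e, attr, default: e.get(attr, [default])[0]
    is_a = lambda e, cls: cls in (v.lower() for v in e.get("objectclass", []))
    threshold = max([int(get(e, "sambalockoutthreshold", "0"))
                     for e in entries if is_a(e, "sambadomain")] or [0])
    findings = []
    for e in entries:
        count = int(get(e, "sambabadpasswordcount", "0"))
        if (is_a(e, "sambasamaccount") and 0 < threshold <= count
                and "L" not in get(e, "sambaacctflags", "")):  # threshold 0: never locks
            findings.append((get(e, "dn", "?"), count))
    return threshold, findings
```

Calling `audit_lockout(parse_ldif(text))` on an export taken after a few deliberate bad logons against a test account shows whether the counter is being written at all and whether the flag follows it.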
