I can confirm that 3.0.32 does lock out accounts. I'll be going back to that until the issue is fixed in 3.2.x.

> Yep! I saw your post while googling for the problem, just before
> posting.
>
> Thanks!
>
> Victor Medina
>
> On Wed, 05-11-2008 at 17:01 +0000, David Markey wrote:
>> https://bugzilla.samba.org/show_bug.cgi?id=5825
>>
>> I raised this bug a while ago experiencing what you are. Nobody seems to
>> have done much about it.
>>
>> Victor Medina wrote:
>> > Hello guys!
>> >
>> > I'm using samba 3.2.4 (binaries from samba.org) on SLES9+sp3.
>> >
>> > I am building a PDC with LDAP support (I am attaching my config files),
>> > I'm also using ldapsam:trusted and ldapsam:editposix.
>> >
>> > Although I am setting the account lock after 3 failed tries in usrmgr,
>> > and verified that the parameters are actually set in the LDAP, no
>> > locking occurs.
>> >
>> > I started thinking that it was my fault, since I generate my own ldif
>> > from a small app I created that reads a Windows AD and creates/fills an
>> > OpenLDAP with the relevant info that Linux (posix account information)
>> > and Samba needs, just like my "own" "net vampire", just that mine reads
>> > a native AD and migrates to Samba, it just defaults passwords to 1-8.
>> >
>> > Cool, eh? ;)
>> >
>> > Since everything seemed to work OK except for the account locking, I
>> > rebuilt the server from scratch using "net sam provision" and created
>> > an extra account, joined a machine, but still it seems account locking
>> > is not working on samba 3.2.4.
>> >
>> > Any ideas/suggestions are welcome.
>> >
>> > Victor Medina
>> >
>> > **************
>> > Some relevant steps I did to set it up
>> > **************
>> >
>> > smbpasswd -w 12345678
>> > net idmap secret DEFAULT 12345678
>> > net idmap secret alloc 12345678
>> > rcwinbind restart
>> > net sam provision
>> > smbpasswd administrator
>> > net rpc rights grant "c1.ve\administrator" SeMachineAccountPrivilege
>> > SePrintOperatorPrivilege SeAddUsersPrivilege SeRemoteShutdownPrivilege
>> > SeDiskOperatorPrivilege SeTakeOwnershipPrivilege -U administrator
>> >
>> > rcsmb start && rcnmb start && rcwinbind start
>> >
>> > ***********************************
>> > SMB.conf (global)
>> > ***********************************
>> >
>> > [global]
>> > workgroup = C1.VE
>> > netbios name = PDC-EPA1
>> > security = user
>> > guest account = Invitado
>> > map to guest = Bad User
>> > enable privileges = yes
>> > server string =
>> > time server = yes
>> > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>> > domain logons = yes
>> > domain master = yes
>> > os level = 65
>> > preferred master = yes
>> > wins support = yes
>> > deadtime = 20
>> > dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
>> > encrypt passwords = yes
>> > passdb backend = ldapsam:ldap://127.0.0.1
>> > ldap admin dn = cn=Administrador,dc=xxxx
>> > ldap suffix = dc=c1,c=ve,dc=xxx
>> > ldap user suffix = ou=people
>> > ldap group suffix = ou=group
>> > ldap machine suffix = ou=people
>> > ldap delete dn = yes
>> > ldap passwd sync = yes
>> >
>> > ldapsam:trusted = yes
>> > ldapsam:editposix = yes
>> >
>> > idmap domains = DEFAULT
>> > idmap config DEFAULT:backend = ldap
>> > idmap config DEFAULT:readonly = no
>> > idmap config DEFAULT:default = yes
>> > idmap config DEFAULT:ldap_base_dn = ou=idmap,dc=c1,c=ve,dc=xxx
>> > idmap config DEFAULT:ldap_user_dn = cn=Administrador,dc=xxx
>> > idmap config DEFAULT:ldap_url = ldap://127.0.0.1
>> > idmap config DEFAULT:range = 10000-100000
>> >
>> > idmap alloc backend = ldap
>> > idmap alloc config:ldap_base_dn = ou=idmap,dc=c1,c=ve,dc=xxx
>> > idmap alloc config:ldap_user_dn = cn=Administrador,dc=xxx
>> > idmap alloc config:ldap_url = ldap://127.0.0.1
>> > idmap alloc config:range = 10000-100000
>> >
>> > printing = cups
>> > printcap name = cups
>> > show add printer wizard = yes
>> > load printers = yes
>> >
>> > create mask = 0640
>> > directory mask = 0750
>> > force create mode = 0640
>> > force directory mode = 0750
>> > preserve case = yes
>> > short preserve case = yes
>> > case sensitive = no
>> > mangling method = hash2
>> > Dos charset = 850
>> > Unix charset = ISO8859-1
>> > nt acl support = yes
>> >
>> > ***********************
>> > slapd.conf
>> > ***********************
>> >
>> > modulepath /usr/lib/openldap/modules
>> > include /etc/openldap/schema/core.schema
>> > include /etc/openldap/schema/cosine.schema
>> > include /etc/openldap/schema/inetorgperson.schema
>> > include /etc/openldap/schema/nis.schema
>> > include /etc/openldap/schema/samba3.schema
>> >
>> > pidfile /var/run/slapd/slapd.pid
>> > argsfile /var/run/slapd/slapd.args
>> >
>> > access to dn.base=""
>> >     by * read
>> >
>> > access to dn.base="cn=Subschema"
>> >     by * read
>> >
>> > access to attrs=userPassword,userPKCS12
>> >     by self write
>> >     by * auth
>> >
>> > access to attrs=shadowLastChange
>> >     by self write
>> >     by * read
>> >
>> > access to *
>> >     by * read
>> >
>> > loglevel -1
>> >
>> > database bdb
>> > suffix "dc=xxx"
>> > rootdn "cn=Administrador,dc=xxx"
>> > rootpw "{SSHA}xxx"
>> > directory /var/lib/ldap/
>> >
>> > checkpoint 1024 5
>> > cachesize 10000
>> >
>> > index objectClass,uidNumber,gidNumber,memberUid eq
>> > index member,mail eq,pres
>> > index cn,displayname,uid,sn,givenname sub,eq,pres
>> > index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
>> > index default sub
>> >
>> > *****************************
>> > LDIF:
>> > *****************************
>> > # This file was generated on 2008-11-05 at 11:20:00
>> > # from the ldap://172.16.152.200:389 (bound as cn=Administrador,dc=xxxx)
>> > # by Softerra LDAP Administrator v3 [ http://www.ldapadministrator.com ]
>> > dn: c=ve,dc=xxxx
>> > c: ve
>> > objectClass: top
>> > objectClass: country
>> > description: Infraestructura Tecnologica - Venezuela
>> >
>> > dn: dc=c1,c=ve,dc=xxxx
>> > dc: c1
>> > objectClass: dcObject
>> > objectClass: organizationalUnit
>> > ou: Tienda 1 / Oficina Central xxxx / Venezuela
>> > description: xxxx / Oficina Central EPA / Venezuela
>> >
>> > dn: ou=people,dc=c1,c=ve,dc=xxxx
>> > objectClass: top
>> > objectClass: organizationalUnit
>> > ou: people
>> >
>> > dn: ou=group,dc=c1,c=ve,dc=xxxx
>> > objectClass: top
>> > objectClass: organizationalUnit
>> > ou: group
>> >
>> > dn: ou=idmap,dc=c1,c=ve,dc=xxxx
>> > objectClass: top
>> > objectClass: organizationalUnit
>> > objectClass: sambaUnixIdPool
>> > ou: idmap
>> > gidNumber: 10016
>> > uidNumber: 10004
>> >
>> > dn: sambaDomainName=C1.VE,dc=c1,c=ve,dc=xxxx
>> > sambaDomainName: C1.VE
>> > sambaSID: S-1-5-21-1230964018-1252349843-1944742870
>> > sambaAlgorithmicRidBase: 1000
>> > objectClass: sambaDomain
>> > sambaNextUserRid: 1000
>> > sambaRefuseMachinePwdChange: 0
>> > sambaNextRid: 1002
>> > sambaLockoutDuration: -1
>> > sambaLockoutObservationWindow: 30
>> > sambaLockoutThreshold: 3
>> > sambaMinPwdLength: 5
>> > sambaPwdHistoryLength: 5
>> > sambaLogonToChgPwd: 0
>> > sambaMaxPwdAge: 7776000
>> > sambaMinPwdAge: 0
>> > sambaForceLogoff: -1
>> >
>> > dn: cn=domusers,ou=group,dc=c1,c=ve,dc=xxxx
>> > objectClass: posixGroup
>> > objectClass: sambaGroupMapping
>> > cn: domusers
>> > displayName: Domain Users
>> > gidNumber: 10000
>> > sambaSID: S-1-5-21-1230964018-1252349843-1944742870-513
>> > sambaGroupType: 2
>> >
>> > dn: cn=domadmins,ou=group,dc=c1,c=ve,dc=xxxx
>> > objectClass: posixGroup
>> > objectClass: sambaGroupMapping
>> > cn: domadmins
>> > displayName: Domain Admins
>> > gidNumber: 10001
>> > sambaSID: S-1-5-21-1230964018-1252349843-1944742870-512
>> > sambaGroupType: 2
>> >
>> > dn: uid=Administrator,ou=people,dc=c1,c=ve,dc=xxxx
>> > objectClass: account
>> > objectClass: posixAccount
>> > objectClass: sambaSamAccount
>> > uid: Administrator
>> > cn: Administrator
>> > displayName: Administrator
>> > uidNumber: 10000
>> > gidNumber: 10001
>> > homeDirectory: /home/C1.VE/Administrator
>> > loginShell: /bin/false
>> > sambaSID: S-1-5-21-1230964018-1252349843-1944742870-500
>> > sambaNTPassword: 259745CB123A52AA2E693AAACCA2DB52
>> > sambaPasswordHistory: 0000000000000000000000000000000000000000000000000000000000000000
>> > sambaPwdLastSet: 1225815211
>> > sambaAcctFlags: [U ]
>> > userPassword: {SSHA}YP8U0rTihCaNlp83JlS+ZWJv4jyEFhH8
>> > sambaProfilePath:: IA==
>> >
>> > dn: uid=Invitado,ou=people,dc=c1,c=ve,dc=xxxx
>> > objectClass: account
>> > objectClass: posixAccount
>> > objectClass: sambaSamAccount
>> > uid: Invitado
>> > cn: Invitado
>> > displayName: Invitado
>> > uidNumber: 10001
>> > gidNumber: 10000
>> > homeDirectory: /
>> > loginShell: /bin/false
>> > sambaSID: S-1-5-21-1230964018-1252349843-1944742870-501
>> > sambaAcctFlags: [DU ]
>> >
>> > dn: sambaSID=S-1-5-32-544,ou=group,dc=c1,c=ve,dc=xxxx
>> > objectClass: sambaSidEntry
>> > objectClass: sambaGroupMapping
>> > sambaSID: S-1-5-32-544
>> > sambaGroupType: 4
>> > displayName: Administrators
>> > gidNumber: 10002
>> > sambaSIDList: S-1-5-21-1230964018-1252349843-1944742870-512
>> >
>> > dn: sambaSID=S-1-5-32-545,ou=group,dc=c1,c=ve,dc=xxxx
>> > objectClass: sambaSidEntry
>> > objectClass: sambaGroupMapping
>> > sambaSID: S-1-5-32-545
>> > sambaGroupType: 4
>> > displayName: Users
>> > gidNumber: 10003
>> > sambaSIDList: S-1-5-21-1230964018-1252349843-1944742870-513
>> >
>> > dn: uid=FERRETER-PRUQ3Z$,ou=people,dc=c1,c=ve,dc=xxxx
>> > uid: FERRETER-PRUQ3Z$
>> > sambaSID: S-1-5-21-1230964018-1252349843-1944742870-1001
>> > sambaAcctFlags: [W ]
>> > objectClass: sambaSamAccount
>> > objectClass: account
>> > objectClass: posixAccount
>> > cn: FERRETER-PRUQ3Z$
>> > uidNumber: 10002
>> > gidNumber: 10000
>> > homeDirectory: /home/C1.VE/SMB_workstations_home
>> > loginShell: /bin/false
>> > sambaNTPassword: B055ADEFB17BCC6E6FAC8D1AC4A74DF9
>> > sambaPwdLastSet: 1225815330
>> >
>> > dn: uid=test001,ou=people,dc=c1,c=ve,dc=xxxx
>> > uid: test001
>> > sambaSID: S-1-5-21-1230964018-1252349843-1944742870-1002
>> > objectClass: sambaSamAccount
>> > objectClass: account
>> > objectClass: posixAccount
>> > cn: test001
>> > uidNumber: 10003
>> > gidNumber: 10000
>> > homeDirectory: /home/C1.VE/test001
>> > loginShell: /bin/false
>> > sambaKickoffTime: 0
>> > sambaNTPassword: AD396BEB5A4668D740B3A9ADC48655A8
>> > sambaPasswordHistory:
>> >  B2AA5A8D71A95E53A0B4F943CDF222B2F54631924E73FE70C98B6731A1656B04000000000000
>> >  0000000000000000000000000000000000000000000000000000000000000000000000000000
>> >  0000000000000000000000000000000000000000000000000000000000000000000000000000
>> >  0000000000000000000000000000000000000000000000000000000000000000000000000000
>> >  0000000000000000
>> > sambaPwdLastSet: 1225815887
>> > userPassword: {SSHA}nRA+2FYkZPXKBN1wri6HBcuTk2ZA6zqP
>> > sambaProfilePath:: IA==
>> > sambaAcctFlags: [U ]
>> > sambaBadPasswordTime: 0
>> > sambaBadPasswordCount: 0
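
An offline check for the symptom reported in this thread, as an added example that is not from the original posts or the Samba project: it reads an LDIF export, takes `sambaLockoutThreshold` from the `sambaDomain` entry and lists accounts whose `sambaBadPasswordCount` has reached it while `sambaAcctFlags` lacks the `L` (auto-locked) flag. The sample LDIF and the helper names `parse_ldif`, `has_class` and `audit_lockout` are constructed for illustration.

```python
import re

# Constructed sample: attribute names follow the LDIF in the thread, values are made up.
SAMPLE_LDIF = """\
dn: sambaDomainName=EXAMPLE,dc=example
objectClass: sambaDomain
sambaLockoutThreshold: 3

dn: uid=alice,ou=people,dc=example
objectClass: sambaSamAccount
uid: alice
sambaAcctFlags: [U          ]
sambaBadPasswordCount: 7

dn: uid=bob,ou=people,dc=example
objectClass: sambaSamAccount
uid: bob
sambaAcctFlags: [UL         ]
sambaBadPasswordCount: 3
"""

def parse_ldif(text):
    """Minimal LDIF reader: unfolds continuation lines; base64 values are not decoded."""
    text = re.sub(r"\n ", "", text)
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            key, _, value = line.partition(":")
            entry.setdefault(key.strip().lower(), []).append(value.lstrip(":").strip())
        entries.append(entry)
    return entries

def has_class(entry, name):
    return name in (c.lower() for c in entry.get("objectclass", []))

def audit_lockout(entries):
    """Return (threshold, uids at or over it whose flags lack 'L', the auto-locked marker)."""
    domain = next((e for e in entries if has_class(e, "sambadomain")), {})
    threshold = int(domain.get("sambalockoutthreshold", ["0"])[0])
    missed = []
    for e in entries:
        if not has_class(e, "sambasamaccount") or threshold <= 0:
            continue  # not a Samba account, or lockout is disabled in the policy
        count = int(e.get("sambabadpasswordcount", ["0"])[0])
        if count >= threshold and "L" not in e.get("sambaacctflags", [""])[0]:
            missed.append(e["uid"][0])
    return threshold, missed
```

A hit is a lead, not proof: compare `sambaBadPasswordTime` with the observation window before concluding that lockout failed.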
