Hi and thanks for the reply.

Are you talking about completely dropping LDAP authentication and only relying on/authenticating against Samba? What's pam_winbindd all about? I read it's required if my Samba is a member of some native NT or ADS domain, for "somehow" mapping foreign NT users to some Unix users. Is it more than that? Are there some good docs/manuals about that which a normal human (not a C coder) can understand?

thanks
Axel




On 19.02.2009 16:42, François Legal wrote:
If you want to prevent the user from unlocking his Samba account, you can
probably do it with an ACL on your directory (only allow modification of the Samba
attributes by the bind user used by Samba).

If you want to prevent the user from logging in to Linux when his account is
locked, then you could consider using pam_winbindd instead of pam_ldap.

François

On Thu, 19 Feb 2009 13:14:48 +0100, Axel Werner <[email protected]>
wrote:
Hi Gurus out there!

Is there a way to have Samba start a script, in some way like those addnewmachine or addnewuser scripts, that kicks in whenever a Samba user account gets locked down? (Through a manual lock or, more importantly, through intruder detection / x failed logon attempts.)

My problem is that whenever a Samba account gets locked because of exceeding the max. failed logon attempts, the corresponding LDAP user object is still "unlocked". So although the user cannot log back in to Samba, he is still able to log in on the Linux console (through pam_ldap) and reset his password or do more nasty things. So I want to make sure that if he fucks up his Samba account, his LDAP account will also be disabled.

Some hook for a custom script would be fine. But is there something like that?
Any other ideas how to manage that?

greetings
Axel



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
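
An added example, not part of the thread above: a periodic audit that lists accounts whose `sambaAcctFlags` carry `L` (auto-locked) or `D` (disabled) while the POSIX side of the same LDAP entry still permits a login. The LDIF sample and its example.org DNs are constructed, the function names are hypothetical, and the rule for "POSIX side blocked" (a nologin shell or a `shadowExpire` day in the past) is an assumed policy to adapt to your PAM setup.

```python
import re
import time

NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

# Constructed sample, shaped like `ldapsearch -LLL` output for sambaSamAccount entries.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
loginShell: /bin/bash
sambaAcctFlags: [UL         ]

dn: uid=bob,ou=People,dc=example,dc=org
loginShell: /bin/bash
sambaAcctFlags: [U          ]

dn: uid=carol,ou=People,dc=example,dc=org
loginShell: /sbin/nologin
sambaAcctFlags: [UD         ]

dn: uid=dave,ou=People,dc=example,dc=org
loginShell: /bin/sh
shadowExpire: 1
sambaAcctFlags: [UL         ]
"""

def parse_ldif(text):
    """One dict per entry; assumes single-valued attributes, no line folding."""
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.partition(": ") for line in block.splitlines())
        yield {key: value.strip() for key, sep, value in pairs if sep}

def samba_blocked(entry):
    """True if sambaAcctFlags carries L (auto-locked) or D (disabled)."""
    flags = entry.get("sambaAcctFlags", "").strip("[] ")
    return bool(set(flags) & {"L", "D"})

def posix_blocked(entry, today_days):
    """Assumed policy: nologin shell, or shadowExpire (days since epoch) passed."""
    expire = entry.get("shadowExpire", "")
    return (entry.get("loginShell") in NOLOGIN_SHELLS
            or (expire.isdigit() and int(expire) <= today_days))

def out_of_sync(ldif_text, today_days):
    """DNs blocked in Samba whose POSIX attributes still allow a login."""
    return [e["dn"] for e in parse_ldif(ldif_text)
            if samba_blocked(e) and not posix_blocked(e, today_days)]

if __name__ == "__main__":
    print(out_of_sync(SAMPLE_LDIF, int(time.time() // 86400)))
```

Feeding it real `ldapsearch` output from cron gives a list of entries to disable on the POSIX side until a proper hook or a single authentication path is in place.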
