I can confirm this, and also support this bug author's assertion that the user account lockout is a very important security feature for those of us using Samba as an active directory domain controller:
"Samba's AD DC now implements bad password lockout (on a per-DC basis). That is, incorrect password attempts are tracked, and accounts locked out if too many bad passwords are submitted. There is also a grace period of 60 minutes on the previous password when used for NTLM authentication (matching Windows 2003 SP1: https://support2.microsoft.com/kb/906305). The relevant settings can be seen using 'samba-tool domain passwordsettings show' (the new settings being highlighted): Password informations for domain 'DC=samba,DC=example,DC=com' Password complexity: on Store plaintext passwords: off Password history length: 24 Minimum password length: 7 Minimum password age (days): 1 Maximum password age (days): 42 * Account lockout duration (mins): 30 * * Account lockout threshold (attempts): 0 * * Reset account lockout after (mins): 30 * These values can be set using 'samba-tool domain passwordsettings set'." Thank you for your hard work and please bake this 4.2 release into Ubuntu Server 14.04, if possible and prudent to do so. Thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1442039 Title: Samba 4.1.6 has userlock bug - fixed in 4.2.0 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba4/+bug/1442039/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
