I recently am migrating my PDC from NT4 to Samba 3.025. Apparently due to a mismatch between the capitalization of the Windows account and the Unix account (Administrator vs administrator) I managed to lock the account before catching the discrepenacy. # pdbedit -v administrator Unix username: Administrator NT username: Administrator Account Flags: [ULX Bad password count : 5 I reset the bad password count" field with the following command pdbedit -z -u administrator However, the account is still locked and I can not clear the lock (X) flag. # pdbedit -v administrator Unix username: Administrator NT username: Administrator Account Flags: [ULX Bad password count : 5 # pdbedit -z -u administrator pdb_update_autolock_flag: Account Administrator administratively locked out with no bad password time. Leaving locked out. # pdbedit -c [UX administrator pdb_update_autolock_flag: Account Administrator administratively locked out with no bad password time. Leaving locked out. Can only set [NDHLX] flags Resetting the lockout duration doesn't help either # pdbedit -P "lockout duration" -C 5 account policy "lockout duration" description: Lockout duration in minutes (defa ult: 30, -1 => forever) account policy "lockout duration" value was: 30 account policy "lockout duration" value is now: 5 Any ideas? I added a 2nd account to the unix "DomainAdmins" group (which is mapped to the windows group) but that doesn't seem to give automatically add it to the NT "Domain Admins" group . This group had been in the Domain Admins group on the NT4 machine. Thanks
The following will reset the flags to the default setting clearing the lock: pdbedit -r -c "[]" administrator Gaiseric Vandal wrote:> I recently am migrating my PDC from NT4 to Samba 3.025. Apparently due to a > mismatch between the capitalization of the Windows account and the Unix > account (Administrator vs administrator) I managed to lock the account > before catching the discrepenacy. > > # pdbedit -v administrator > Unix username: Administrator > NT username: Administrator > Account Flags: [ULX > Bad password count : 5 > > > I reset the bad password count" field with the following command > pdbedit -z -u administrator > > However, the account is still locked and I can not clear the lock (X) flag. > > # pdbedit -v administrator > Unix username: Administrator > NT username: Administrator > Account Flags: [ULX > Bad password count : 5 > > # pdbedit -z -u administrator > pdb_update_autolock_flag: Account Administrator administratively locked out > with > no bad password time. Leaving locked out. > > # pdbedit -c [UX administrator > pdb_update_autolock_flag: Account Administrator administratively locked out > with > no bad password time. Leaving locked out. > Can only set [NDHLX] flags > > > Resetting the lockout duration doesn't help either > > # pdbedit -P "lockout duration" -C 5 > account policy "lockout duration" description: Lockout duration in minutes > (defa > ult: 30, -1 => forever) > account policy "lockout duration" value was: 30 > account policy "lockout duration" value is now: 5 > > > Any ideas? > > I added a 2nd account to the unix "DomainAdmins" group (which is mapped to > the windows group) but that doesn't seem to give automatically add it to the > NT "Domain Admins" group . This group had been in the Domain Admins group > on the NT4 machine. > > Thanks > > > > >