samba - Mar 2015 - BadPwdCount Attribute. Why no replication?

Hello,

    With the upgrade to 4.2 I now have access the the lockout feature.
I've learned the BadPwdCount attribute does not get replicated. Why is
this? My understanding is one DC could have a value of '2' while another
has '1'. Depending on what DC the user attempts to authenticate against.
This user may be locked out after one invalid attempt if the threshold is 3.

-- 
-James

On 24/03/15 16:10, James wrote:
> Hello,
>
>      With the upgrade to 4.2 I now have access the the lockout feature.
> I've learned the BadPwdCount attribute does not get replicated. Why is
> this? My understanding is one DC could have a value of '2' while
another
> has '1'. Depending on what DC the user attempts to authenticate
against.
> This user may be locked out after one invalid attempt if the threshold is
3.
>
Because it shouldn't be, that's why.

See: https://msdn.microsoft.com/en-us/library/ms675244%28v=vs.85%29.aspx

At the bottom, under 'Remarks'

Rowland