Hi, I don't know if this is by design or because I am doing something wrong, but I cannot make the account lockout work as I would expect it to work. We use Samba 3 as PDC and BDC with SAM in LDAP. How do I have to configure the policies "lockout duration" and "reset count minutes" to achieve the following behaviour: Account is locked after 3 bad password attempts and can be unlocked by an administrator or automatically unlocked after 4 hours. I tested various combinations. Locking works, but manual unlocking, either by using usrmgr or by resetting the L flag does not seem to work. The account stays locked until the "lockout duration" has expired. If I set "lockout duration" and "reset count minutes" to 0 or -1 manual unlocking still does not work. I am testing with 3.0.3pre1. Thanks for your help in advance. Pierre Filippone