All,
I built and installed 3.0.7. I am trying to
finalize my setup by limiting the user to 3 failed
logon attempts.
I used:
./pdbedit -P "bad lockout attempt" -C 3
This works fine for all users EXCEPT for the user
with a matching Windows user name. In other words,
if my windows user name is 'bender' and my samba
user name is 'bender' the number of Bad logon attempts
will continue to increment as other accounts logon's
fail.
Example:
I logon to my Windows box as 'bender'
I also have the samba users 'bob', 'chuck' and
'bender'. If I Map a Share as bob and mess up twice
(or once) and then
successfully logon, the 'Bad password count' for
'bob' will correctly be 0, but for bender it will be
2. If I logon
as 'chuck' and mess up once - 'bender' is now locked
out!! Not only that, all the shares on my samba
server are
locked out to EVERYONE until I either remove user
'bender' or
./pdbedit -z -c='[]' bender
I included smb.conf below although I doubt this
matters much.
Thanks for any help!
Bender
# Global parameters
[global]
netbios name = SAMBA
min passwd length = 8
passdb backend = tdbsam
passwd program = /usr/bin/passwd %u
passwd chat debug = Yes
log level = 2
load printers = No
show add printer wizard = No
logon script = notice.bat
os level = 35
preferred master = No
ldap ssl = no
winbind use default domain = Yes
directory security mask = 0700
hosts allow = XX.XX.XX.XX/255.255.252.0, locahost
[some_dir]
comment = XXX
path = /usr/local/
read only = No
create mask = 0765
Hi All, I?ve migrated my Win NT4 PDC to a samba 3.0.7 with ldap backend. In all the 22 city?s I made this, the old PDC just let me connect on it if I go on srvmgr and ask it to syncronize wiht the PDC. After that I can open its shares normally. After a while the Win BDC starts again asking for username and password. Note that I?m using the same SID of the NT server on the Samba server. Anyone no how to solve this issue? Thank?s Gustavo
Andrew Bartlett
2004-Oct-14 10:13 UTC
[Samba] Ex-PDC always loosing sync with new samba PDC
On Thu, 2004-10-14 at 07:30, Gustavo Lima wrote:> Hi All, > > I?ve migrated my Win NT4 PDC to a samba 3.0.7 with ldap backend. In all the > 22 city?s I made this, the old PDC just let me connect on it if I go on > srvmgr and ask it to syncronize wiht the PDC. After that I can open its > shares normally. > > After a while the Win BDC starts again asking for username and password. > > Note that I?m using the same SID of the NT server on the Samba server.After you migrate to Samba, you *must* disconnect the NT4 PDC/BDC, and not use them on the network again. They will conflict, and Samba has no way to maintain a correct link with them. Andrew Bartlett -- Andrew Bartlett abartlet@samba.org Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20041014/1fee91b5/attachment.bin
Thank?s for your answer Andrew, Unfortunelly I can?t take these NT out from the network now. I will have to find a way to handle them. Another question. I?m having problems with Win 2k Server with SQL 2k. The 2k can?t see the users names from the 22 trusts I have, but only the SIDs. In other way the local account s works fine. Is there any solution to this problem? Thank?s, Gustavo ----- Original Message ----- From: "Andrew Bartlett" <abartlet@samba.org> To: "Gustavo Lima" <gustavo.lima@conab.gov.br> Cc: <samba@lists.samba.org> Sent: Thursday, October 14, 2004 7:13 AM Subject: Re: [Samba] Ex-PDC always loosing sync with new samba PDC
Possibly Parallel Threads
- Bad lockout attempt recorded 2x
- Windows User Admin Tool error
- Can't get password policies (bad lockout attempt) to work on Samaba 3 + OpenLDAP
- pdbedit "bad lockout attempt" does not work
- Does Samba attempt Anonymous logon to IPC$ shares? Can this lockout accounts?!?