All, I built and installed 3.0.7. I am trying to finalize my setup by limiting the user to 3 failed logon attempts. I used: ./pdbedit -P "bad lockout attempt" -C 3 This works fine for all users EXCEPT for the user with a matching Windows user name. In other words, if my windows user name is 'bender' and my samba user name is 'bender' the number of Bad logon attempts will continue to increment as other accounts logon's fail. Example: I logon to my Windows box as 'bender' I also have the samba users 'bob', 'chuck' and 'bender'. If I Map a Share as bob and mess up twice (or once) and then successfully logon, the 'Bad password count' for 'bob' will correctly be 0, but for bender it will be 2. If I logon as 'chuck' and mess up once - 'bender' is now locked out!! Not only that, all the shares on my samba server are locked out to EVERYONE until I either remove user 'bender' or ./pdbedit -z -c='[]' bender I included smb.conf below although I doubt this matters much. Thanks for any help! Bender # Global parameters [global] netbios name = SAMBA min passwd length = 8 passdb backend = tdbsam passwd program = /usr/bin/passwd %u passwd chat debug = Yes log level = 2 load printers = No show add printer wizard = No logon script = notice.bat os level = 35 preferred master = No ldap ssl = no winbind use default domain = Yes directory security mask = 0700 hosts allow = XX.XX.XX.XX/255.255.252.0, locahost [some_dir] comment = XXX path = /usr/local/ read only = No create mask = 0765
Hi All, I?ve migrated my Win NT4 PDC to a samba 3.0.7 with ldap backend. In all the 22 city?s I made this, the old PDC just let me connect on it if I go on srvmgr and ask it to syncronize wiht the PDC. After that I can open its shares normally. After a while the Win BDC starts again asking for username and password. Note that I?m using the same SID of the NT server on the Samba server. Anyone no how to solve this issue? Thank?s Gustavo
Andrew Bartlett
2004-Oct-14 10:13 UTC
[Samba] Ex-PDC always loosing sync with new samba PDC
On Thu, 2004-10-14 at 07:30, Gustavo Lima wrote:> Hi All, > > I?ve migrated my Win NT4 PDC to a samba 3.0.7 with ldap backend. In all the > 22 city?s I made this, the old PDC just let me connect on it if I go on > srvmgr and ask it to syncronize wiht the PDC. After that I can open its > shares normally. > > After a while the Win BDC starts again asking for username and password. > > Note that I?m using the same SID of the NT server on the Samba server.After you migrate to Samba, you *must* disconnect the NT4 PDC/BDC, and not use them on the network again. They will conflict, and Samba has no way to maintain a correct link with them. Andrew Bartlett -- Andrew Bartlett abartlet@samba.org Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20041014/1fee91b5/attachment.bin
Thank?s for your answer Andrew, Unfortunelly I can?t take these NT out from the network now. I will have to find a way to handle them. Another question. I?m having problems with Win 2k Server with SQL 2k. The 2k can?t see the users names from the 22 trusts I have, but only the SIDs. In other way the local account s works fine. Is there any solution to this problem? Thank?s, Gustavo ----- Original Message ----- From: "Andrew Bartlett" <abartlet@samba.org> To: "Gustavo Lima" <gustavo.lima@conab.gov.br> Cc: <samba@lists.samba.org> Sent: Thursday, October 14, 2004 7:13 AM Subject: Re: [Samba] Ex-PDC always loosing sync with new samba PDC
Possibly Parallel Threads
- Bad lockout attempt recorded 2x
- Windows User Admin Tool error
- Can't get password policies (bad lockout attempt) to work on Samaba 3 + OpenLDAP
- pdbedit "bad lockout attempt" does not work
- Does Samba attempt Anonymous logon to IPC$ shares? Can this lockout accounts?!?