Using Samba 3.0.14a with multiple domain controllers across WAN links, I discovered that account lockout policies are broken. My testing shows that account lockout policies are not stored in LDAP as one would think, but in a local TDB file on that particular BDC or PDC. The result is that I'm seeing errors in my logs and users are getting locked out. There appears to be no replication set up, and no way to replicate this policy information in a multiple-DC environment. Which policy is in effect depends on which DC handles the auth request. User Manager does not have any provisions to select the BDCs to apply a consistent lockout policy. I've had to disable account lockouts just to let the users keep working, and we have the nerve to complain about MS security. Are there any plans to fix this? After reviewing the source code, the problem seems to be the account lockout code itself.

Thanks