samba - Aug 2005 - Stop disabling accounts?

When a user tries logging in and enters the wrong password a few times
in a row, their account becomes disabled.  Is there a way to prevent
this behavior?  I couldn't find anything in the smb.conf man page
about it.

Alternatively, could we use a preexec script to just re-enable all
accounts when there's a logon attempt?  Or does that script only get
executed after a user is authenticated?

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University

On Fri, Aug 19, 2005 at 03:59:16PM -0500, Chris St. Pierre
wrote:
> When a user tries logging in and enters the wrong password a few times
> in a row, their account becomes disabled.  Is there a way to prevent
> this behavior?  I couldn't find anything in the smb.conf man page
> about it.
> 
> Alternatively, could we use a preexec script to just re-enable all
> accounts when there's a logon attempt?  Or does that script only get
> executed after a user is authenticated?

The manual page of pdbedit has these entries:

       -P account-policy
              Display an account policy

              Valid  policies are: minimum password age, reset count minutes,
              disconnect time, user must logon to change  password, password
              history,  lockout  duration, min password length, maximum pass-
              word age and bad lockout attempt.

              Example: pdbedit -P "bad lockout attempt"

              account policy value for bad lockout attempt is 0

       -C account-policy-value
              Sets an account policy to a specified value.  This  option may
              only be used in conjunction with the -P option.

              Example: pdbedit -P "bad lockout attempt" -C 3

              account policy value for bad lockout attempt was 0
              account policy value for bad lockout attempt is now 3



HTH
Geert Stappers