dmarkey@comp.dit.ie
2008-Oct-19 22:12 UTC
[Samba] Account locking out not working[LDAP backend]
Hi, I cannot get account locking out to work.

-bash-3.00# pdbedit -P "bad lockout attempt"
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=CSR))]
smbldap_open_connection: connection opened
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=CSR))]
smbldap_open_connection: connection opened
account policy "bad lockout attempt" description: Lockout users after bad logon attempts (default: 0 => off)
account policy "bad lockout attempt" value is: 5

Obviously it's set to 5.

-bash-3.00# pdbedit -P "lockout duration"
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=CSR))]
smbldap_open_connection: connection opened
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=CSR))]
smbldap_open_connection: connection opened
account policy "lockout duration" description: Lockout duration in minutes (default: 30, -1 => forever)
account policy "lockout duration" value is: 4294967295

And lockout duration of forever, so here we go:

smbldap_open_connection: connection opened
init_sam_from_ldap: Entry found for user: test.user1
Unix username: test.user1
NT username: test.user1
Account Flags: [U ]
User SID: S-1-5-21-933094658-698143331-34306911-1041
init_group_from_ldap: Entry found for group: 513
init_group_from_ldap: Entry found for group: 513
Primary Group SID: S-1-5-21-933094658-698143331-34306911-513
Full Name: test.user1
Home Directory: \\samba\test.user1
HomeDir Drive: U:
Logon Script: logon.bat
Profile Path:
Domain: CSR
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: 0
Password last set: Wed, 15 Oct 2008 13:05:54 WEST
Password can change: Wed, 15 Oct 2008 13:05:54 WEST
Password must change: Sun, 14 Dec 2008 12:05:54 WET
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

And attempt to log in 8 times:

-bash-3.00# net --user=test.user1 user
Enter test.user1's password:
Could not connect to server 127.0.0.1
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE
-bash-3.00# net --user=test.user1 user
Enter test.user1's password:
Could not connect to server 127.0.0.1
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE
-bash-3.00# net --user=test.user1 user
Enter test.user1's password:
Could not connect to server 127.0.0.1
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE
-bash-3.00# net --user=test.user1 user
Enter test.user1's password:
Could not connect to server 127.0.0.1
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE
-bash-3.00# net --user=test.user1 user
Enter test.user1's password:
Could not connect to server 127.0.0.1
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE
-bash-3.00# net --user=test.user1 user
Enter test.user1's password:
Could not connect to server 127.0.0.1
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE
-bash-3.00# net --user=test.user1 user
Enter test.user1's password:
Could not connect to server 127.0.0.1
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE
-bash-3.00# net --user=test.user1 user
Enter test.user1's password:
root
nobody
test.user1

-bash-3.00# pdbedit -v test.user1
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=CSR))]
smbldap_open_connection: connection opened
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=CSR))]
smbldap_open_connection: connection opened
init_sam_from_ldap: Entry found for user: test.user1
Unix username: test.user1
NT username: test.user1
Account Flags: [U ]
User SID: S-1-5-21-933094658-698143331-34306911-1041
init_group_from_ldap: Entry found for group: 513
init_group_from_ldap: Entry found for group: 513
Primary Group SID: S-1-5-21-933094658-698143331-34306911-513
Full Name: test.user1
Home Directory: \\samba\test.user1
HomeDir Drive: U:
Logon Script: logon.bat
Profile Path:
Domain: CSR
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: 0
Password last set: Wed, 15 Oct 2008 13:05:54 WEST
Password can change: Wed, 15 Oct 2008 13:05:54 WEST
Password must change: Sun, 14 Dec 2008 12:05:54 WET
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

So locking out isn't working. Is this a bug or have I missed something obvious? Any help appreciated.

Samba 3.2.4 on Solaris 10, LDAP backend.

Thanks,
David.
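
The check the post performs by eye, as an added shell example (not part of the original message and not Samba code): it reads `pdbedit -P` and `pdbedit -v` output and reports whether failed logons left any trace in the account entry. The function names are hypothetical, the sample entry is constructed from the values shown in the post, and the script assumes an `L` in Account Flags marks an auto-locked account.

```shell
#!/bin/sh
# Added example: interpret pdbedit output after a lockout test (helper names are hypothetical).

# Numeric value from `pdbedit -P "<policy>"` output on stdin; debug lines are skipped.
policy_value() {
    sed -n 's/^account policy .* value is: *\([0-9][0-9]*\) *$/\1/p' | head -n 1
}

# The policy value is unsigned 32-bit, so -1 (forever) is printed as 4294967295.
lockout_duration() {
    if [ "$1" = 4294967295 ]; then echo forever; else echo "$1 minutes"; fi
}

# Value of one `pdbedit -v` field (e.g. "Bad password count") from stdin.
account_field() {
    awk -v key="$1" 'index($0, key) == 1 {
        sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
    }'
}

# lockout_verdict THRESHOLD FAILED_ATTEMPTS, with `pdbedit -v` output on stdin.
# Assumption: an "L" inside Account Flags means the account is auto-locked.
lockout_verdict() {
    threshold=$1; failed=$2; dump=$(cat)
    flags=$(printf '%s\n' "$dump" | account_field "Account Flags")
    count=$(printf '%s\n' "$dump" | account_field "Bad password count")
    last=$(printf '%s\n' "$dump" | account_field "Last bad password")
    [ "$threshold" -gt 0 ] || { echo policy-off; return; }
    case $flags in *L*) echo locked; return ;; esac
    if [ "$failed" -gt 0 ] && [ "$count" = 0 ] && [ "$last" = 0 ]; then
        echo failures-not-recorded      # counter and timestamp both untouched
    elif [ "$failed" -ge "$threshold" ]; then
        echo recorded-but-not-locked    # failures counted, lock flag never set
    else
        echo below-threshold
    fi
}

# Constructed sample: the three relevant fields with the values from the post.
sample_account() {
    cat <<'EOF'
Account Flags:        [U          ]
Last bad password   : 0
Bad password count  : 0
EOF
}

sample_account | lockout_verdict 5 7
```

On a live system the same functions take `pdbedit -P "bad lockout attempt"` and `pdbedit -v <user>` on stdin in place of the constructed sample.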