Hi and thanks for the reply.
Are you talking about completely dropping LDAP authentication and only
relying on/authenticating against Samba?
What's pam_winbindd all about? I read it's required if my Samba is a member
of some native NT or ADS domain, for "somehow" mapping foreign NT users
to some Unix users. Is it more than that? Are there some good
docs/manuals about that which a normal human (not a C coder) can understand?
Thanks
Axel
On 19.02.2009 16:42, François Legal wrote:
> If you want to prevent the user from unlocking his Samba account, you can
> probably do it with ACL on your directory (only allow modification to samba
> attributes by the bind user used by samba).
>
> If you want to prevent the user from logging in Linux when his account is
> locked, then you could consider using pam_winbindd instead of pam_ldap
>
> François
>
> On Thu, 19 Feb 2009 13:14:48 +0100, Axel Werner <mail@awerner.homeip.net>
> wrote:
>
>> Hi Gurus out there!
>>
>> Is there a way to have Samba start a script, in some way like those
>> addnewmachine or addnewuser scripts, that kicks in whenever a Samba
>> user account gets locked down? (Through a manual lock OR, more importantly,
>> through intruder detection / x failed logon attempts.)
>>
>> My problem is that whenever a Samba account gets locked because of
>> exceeding the max. failed logon attempts, the corresponding LDAP user object
>> is still "unlocked". So although the user cannot log back in to
>> Samba, he is still able to log in on the Linux console (through pam_ldap)
>> and reset his password or do more nasty things. So I want to make sure
>> that if he fucks up his Samba account, his LDAP account will also be
>> disabled.
>>
>> Some hook for a custom script would be fine. But is there something like
>> that?
>> Any other ideas how to manage that?
>>
>> greetings
>> Axel
>>
>>
>>
>
>