Kevin Taylor
2011-Aug-31 16:47 UTC
[Samba] Account locking synchronization between Linux and Windows (my solution)
We are using a Samba domain controller with a Sun Directory Server 7 LDAP backend and we observed that when an account was locked out on Windows, it would not lock the account on Linux as well. We are using Samba 3.0.33 on CentOS 5.3 and this is the change I made:

To configure Samba to perform proper Windows lockout in conjunction with a Linux lockout, we need to modify the Samba source code to look for the pwdaccountlockedtime rather than sambaKickoffTime.

Download the source RPM for Samba for the OS you're using. This example uses samba-3.0.33-3.7.el5.src.rpm from CentOS 5.3.

    rpm -ivh samba-3.0.33-3.7.el5.src.rpm
    cd /usr/src/redhat/SOURCES
    tar -xzf samba-3.0.33.tar.gz
    cd samba-3.0.33/source/lib

edit smbldap.c: look for sambaKickoffTime and change to pwdaccountlockedtime (2 places)

    cd /usr/src/redhat/SOURCES
    rm samba-3.0.33.tar.gz
    tar -czf samba-3.0.33.tar.gz samba-3.0.33
    rm -rf samba-3.0.33
    rpmbuild -bb /usr/src/redhat/SPECS/samba.spec

(install any dependencies i.e. cups-devel or do a --nodeps to ignore)

    cd /usr/src/redhat/RPMS/x86_64
    rpm -Uvh --replacepkgs --force samba*.rpm

I'm not sure if this issue was addressed in later versions of Samba. I'm just posting this in case someone finds it helpful, or knows of a better/safer way to accomplish the same thing.

Thanks.

Kevin Taylor
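Added example, not part of the original post: a shell function that performs the smbldap.c edit described above only when the file contains exactly the two occurrences of sambaKickoffTime the post mentions, and keeps the untouched file as smbldap.c.orig. The function name `patch_kickoff_attr` is hypothetical, and the script assumes it is given the path to the extracted smbldap.c.

```bash
#!/usr/bin/env bash
# Added example (not from the original post).
# patch_kickoff_attr FILE
#   Replace sambaKickoffTime with pwdaccountlockedtime in FILE, but only if
#   FILE holds exactly the 2 occurrences the post describes. Anything else
#   (already patched, different Samba version, wrong file) is refused so a
#   surprising source tree is never rebuilt into an RPM unnoticed.
patch_kickoff_attr() {
    local file="$1"
    local old='sambaKickoffTime'
    local new='pwdaccountlockedtime'
    local expected=2
    local before after tmp

    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    # Count occurrences, not lines, so two hits on one line are both seen.
    before=$(grep -o "$old" "$file" | wc -l)
    if [ "$before" -ne "$expected" ]; then
        echo "expected $expected occurrences of $old, found $before; not patching" >&2
        return 1
    fi

    # Write the change to a temporary file first and verify it there.
    tmp=$(mktemp) || return 2
    sed "s/$old/$new/g" "$file" > "$tmp" || { rm -f "$tmp"; return 2; }

    after=$(grep -o "$new" "$tmp" | wc -l)
    if grep -q "$old" "$tmp" || [ "$after" -lt "$expected" ]; then
        echo "verification failed; $file left unchanged" >&2
        rm -f "$tmp"
        return 1
    fi

    # Keep the pristine source next to the patched one for later diffing.
    cp -p "$file" "$file.orig" || { rm -f "$tmp"; return 2; }
    cat "$tmp" > "$file"
    rm -f "$tmp"
    echo "patched $before occurrences in $file (original saved as $file.orig)"
}

# When run as a script: ./patch.sh samba-3.0.33/source/lib/smbldap.c
if [ "$#" -gt 0 ]; then
    patch_kickoff_attr "$1"
fi
```

Remove smbldap.c.orig before re-creating the tarball if it should not end up in the rebuilt source archive.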