First of all, I want to say I have been using Samba AD for two years now (since just before 4.0 went stable), and it is an amazing product. We've implemented Active Directory & Group Policy for almost 50 computers and 100 users. Unfortunately, we are now being forced into switching to Windows DCs because Samba does not have an account lockout feature. Citrix (stupidly) does not have it's own account lockout feature, it relies solely on AD's account lockout functionality. And, as we all know, Citrix is an online app which makes it susceptible to brute force attacks. It would be helpful if you could implement this account lockout feature--if so, you would probably see a big increase in user base. PS I wish I had the programming chops to contribute to this software myself. Alan Romans
S4 has an account lockout feature and it works fine. Has since I started using it two years ago. You need to configure it from the S4 server, not GPO. samba-tool domain passwordsettings show Try that. If that isn't what you want, can you be more specific? On 8/1/2014 4:17 PM, Alan Romans wrote:> First of all, I want to say I have been using Samba AD for two years now (since just before 4.0 went stable), and it is an amazing product. We've implemented Active Directory & Group Policy for almost 50 computers and 100 users. > > Unfortunately, we are now being forced into switching to Windows DCs because Samba does not have an account lockout feature. > > Citrix (stupidly) does not have it's own account lockout feature, it relies solely on AD's account lockout functionality. And, as we all know, Citrix is an online app which makes it susceptible to brute force attacks. > > It would be helpful if you could implement this account lockout feature--if so, you would probably see a big increase in user base. > > PS I wish I had the programming chops to contribute to this software myself. > > Alan Romans
On Fri, 2014-08-01 at 15:17 -0500, Alan Romans wrote:> First of all, I want to say I have been using Samba AD for two years now (since just before 4.0 went stable), and it is an amazing product. We've implemented Active Directory & Group Policy for almost 50 computers and 100 users. > > Unfortunately, we are now being forced into switching to Windows DCs because Samba does not have an account lockout feature. > > Citrix (stupidly) does not have it's own account lockout feature, it relies solely on AD's account lockout functionality. And, as we all know, Citrix is an online app which makes it susceptible to brute force attacks. > > It would be helpful if you could implement this account lockout feature--if so, you would probably see a big increase in user base. > > PS I wish I had the programming chops to contribute to this software myself.This is already implemented in GIT master, and will be part of Samba 4.2. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba