Displaying 20 results from an estimated 28 matches for "sambalockoutthreshold".
2009 Aug 20
1
LDAP errors with v3.0.34 using the LDAP schema file with Sun DS 5.2
...onn=-1 op=-1 msgId=-1 - User error: Entry
"sambaDomainName=????????,??=???,??=???", attribute
"sambapwdhistorylength" is not allowed
ERROR<5897> - Schema - conn=-1 op=-1 msgId=-1 - User error: Entry
"sambaDomainName=????????,??=???,??=???", attribute
"sambalockoutthreshold" is not allowed
ERROR<5897> - Schema - conn=-1 op=-1 msgId=-1 - User error: Entry
"sambaDomainName=????????,??=???,??=???", attribute "sambamaxpwdage" is
not allowed
The authentication is succdessful, yet these errors are logged multiple
times. Checked in the s...
2009 Feb 12
5
Samba 3.0.24 + LDAP - User Lockout not working
Hi,
im trying to setup a password policy with samba and openldap. while
lockout works perfect on openldap it looks like it does not work with my
samba.
Ive set "sambaLockoutThreshold" to 3 and "sambaLockoutDuration" to -1
(lockout forever) within the Domain-Object in LDAP. So i expect whenever
a windows user does 3 false logon attemps his samba account will be
LOCKED forever, until reseted by an admin.
If i peek those parameters with "pdbedit -P" it...
2009 Mar 12
1
updating samba/ldap: do I need new attributes?
...enldap server
This seems to work in my test lab.
During my tests I also built a new domain afresh and realized that the
sambaDomainName ldap entry has some attributes that are not in my
production server: sambaMinPwdLength, sambaLogonToChgPwd,
sambaLockoutDuration,
sambaLockoutObservationWindow, sambaLockoutThreshold, sambaForceLogoff.
Do I have to add these attributes to my ldif file before slapadd?
More generally, do I have to add some attributes to my ldap entries?
Regards,
Thierry
2018 Aug 09
2
LDAP SSL
...#
# LDAPv3
# base <dc=suntech> with scope subtree
# filter: sambadomainname=*
# requesting: ALL
#
dn: sambaDomainName=suntech,dc=suntech
objectClass: sambaDomain
objectClass: sambaUnixIdPool
sambaDomainName: suntech
sambaSID: S-1-5-21-3936576374-1604348213-1812465911
sambaPwdHistoryLength: 0
sambaLockoutThreshold: 0
gidNumber: 10034
sambaMaxPwdAge: -1
sambaMinPwdAge: 0
sambaMinPwdLength: 5
sambaLogonToChgPwd: 0
sambaForceLogoff: -1
uidNumber: 10002
sambaNextRid: 10038
# server02, suntech
dn: sambaDomainName=server02,dc=suntech
sambaDomainName: server02
sambaSID: S-1-5-21-2631908330-1812305667-41686038
samb...
2009 Mar 24
1
problem with sambaNextRid (WAS: updating samba/ldap: do I need new attributes?)
...ab.
>> During my tests I also built a new domain afresh and realized that the
>> sambaDomainName ldap entry has some attributes that are not in my
>> production server: sambaMinPwdLength, sambaLogonToChgPwd,
>> sambaLockoutDuration,
>> sambaLockoutObservationWindow, sambaLockoutThreshold, sambaForceLogoff.
>>
>> Do I have to add these attributes to my ldif file before slapadd?
>> More generally, do I have to add some attributes to my ldap entries?
>>
>> Regards,
>> Thierry
>>
>>
>>
2008 Feb 20
1
sambaPwdMustChange attribute didn't get updated (3.0.27a)
...ssword-length option got saved.
After doing some research, i managed to solve this by adding the
following LDAP attributes to the access rules in slapd.conf:
sambaMinPwdLength
sambaPwdHistoryLength
sambaLogonToChgPwd
sambaMaxPwdAge
sambaMinPwdAge
sambaLockoutDuration
sambaLockoutObservationWindow
sambaLockoutThreshold
sambaForceLogoff
sambaRefuseMachinePwdChange
But one problem still exists:
If Windows-users change their password via the normal Windows dialog,
the password got changed in LDAP , also the sambaLastChange attribute
got updated , BUT sambaPwdCanChange and sambaPwdMustChange attributes
didn'...
2017 Feb 03
1
Samba standalone + openldap
...e: 1000//
// objectClass: sambaDomain//
// sambaNextUserRid: 1000//
// sambaMinPwdLength: 5//
// sambaPwdHistoryLength: 0//
// sambaLogonToChgPwd: 0//
// sambaMaxPwdAge: -1//
// sambaMinPwdAge: 0//
// sambaLockoutDuration: 30//
// sambaLockoutObservationWindow: 30//
// sambaLockoutThreshold: 0//
// sambaForceLogoff: -1//
// sambaRefuseMachinePwdChange: 0/
# samba's attributes (objectclass)
/ sambaSamAccountsambaconfig, sambagroupmapping, sambaidmapentry, etc ../
# openldap directory tree
* dc=my_domain, dc=com
o ou=Groups
+ groupe a (user1, user2,...
2018 Mar 05
2
Fwd: Migrating server
...576374-1604348213-1812434911
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain
objectClass: sambaUnixIdPool
sambaNextUserRid: 1000
sambaMinPwdLength: 5
sambaPwdHistoryLength: 0
sambaLogonToChgPwd: 0
sambaMaxPwdAge: -1
sambaMinPwdAge: 0
sambaLockoutDuration: 30
sambaLockoutObservationWindow: 30
sambaLockoutThreshold: 0
sambaForceLogoff: -1
sambaRefuseMachinePwdChange: 0
sambaNextRid: 1001
uidNumber: 10000
gidNumber: 10000
When I tried to add a Windows 7 machine to the domain I get " Unknown user
or wrong password". I was using the "sadmin" login who is in the "sudo". I
dumped the...
2018 Mar 01
3
Fwd: Migrating server
Yes please for the notes.
I re-ran the tests without the smbldap-tools. I installed phpldapadmin and
am able to login to the apache page using the cn=admin, dn=mydomain and
create entries. This kind of tells me that LDAP is working
Then I run the pdbedit -Lv and it lists all the users.
The following happens when I add the LDAP bits to smb.conf and restart
samba.The issue seems to be with samba
2018 Mar 02
1
Fwd: Migrating server
...IdPool
> More later on
>
>> sambaNextUserRid: 1000
>> sambaMinPwdLength: 5
>> sambaPwdHistoryLength: 0
>> sambaLogonToChgPwd: 0
>> sambaMaxPwdAge: -1
>> sambaMinPwdAge: 0
>> sambaLockoutDuration: 30
>> sambaLockoutObservationWindow: 30
>> sambaLockoutThreshold: 0
>> sambaForceLogoff: -1
>> sambaRefuseMachinePwdChange: 0
>> sambaNextRid: 1002
>>
>>
>>
>>
>> ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config
>> 'olcAttributeTypes=*' dn
>> SASL/EXTERNAL authentication start...
2018 Mar 02
0
Fwd: Migrating server
...o add here an auxiliary objectclass: sambaUnixIdPool
More later on
> sambaNextUserRid: 1000
> sambaMinPwdLength: 5
> sambaPwdHistoryLength: 0
> sambaLogonToChgPwd: 0
> sambaMaxPwdAge: -1
> sambaMinPwdAge: 0
> sambaLockoutDuration: 30
> sambaLockoutObservationWindow: 30
> sambaLockoutThreshold: 0
> sambaForceLogoff: -1
> sambaRefuseMachinePwdChange: 0
> sambaNextRid: 1002
>
>
>
>
> ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config
> 'olcAttributeTypes=*' dn
> SASL/EXTERNAL authentication started
> SASL username: gidNumber=0+uidNu...
2011 Nov 08
1
Problem while log on: Windows Server 2008 R2 in samba domain
...id=xxx,dc=xxx,dc=xxx,dc=xxx -W -LLL '(sambaDomainName=EVAN)'
Enter LDAP Password:
dn: sambaDomainName=EVAN,dc=xxx,dc=xxx,dc=xx
objectClass: sambaDomain
objectClass: sambaUnixIdPool
sambaDomainName: EVAN
sambaSID: S-1-5-21-1042031166-387543594-2118856591
sambaMinPwdAge: 0
sambaMaxPwdAge: -1
sambaLockoutThreshold: 0
sambaMinPwdLength: 5
sambaLogonToChgPwd: 0
sambaForceLogoff: -1
sambaLockoutDuration: 30
sambaLockoutObservationWindow: 30
sambaRefuseMachinePwdChange: 0
sambaPwdHistoryLength: 0
gidNumber: 3616
sambaNextRid: 1183
uidNumber: 12704
Thank you!
Best,
Alex
2014 Oct 24
1
Changing user account passwords using smbpasswd after password expiration
...sambaPwdMustChange: 2147483647
sambaPwdLastSet: 1406347540
Also, I have sambaDomainName=WORKGROUP with entries like the following:
sambaMinPwdAge: 0
sambaPwdHistoryLength: 0
sambaMinPwdLength: 6
sambaLogonToChgPwd: 2
sambaLockoutDuration: 1
sambaMaxPwdAge: 7776000
sambaLockoutObservationWindow: 1
sambaLockoutThreshold: 5
With these settings pdbedit shows the following output:
# pdbedit -u USERNAME -v
Unix username: USERNAME
NT username: USERNAME
Account Flags: [U ]
User SID: **DELETED**
Primary Group SID: **DELETED**
Full Name: USERNAME
Home Directory:...
2018 Mar 05
0
Fwd: Migrating server
...000
> objectClass: sambaDomain
> objectClass: sambaUnixIdPool
> sambaNextUserRid: 1000
> sambaMinPwdLength: 5
> sambaPwdHistoryLength: 0
> sambaLogonToChgPwd: 0
> sambaMaxPwdAge: -1
> sambaMinPwdAge: 0
> sambaLockoutDuration: 30
> sambaLockoutObservationWindow: 30
> sambaLockoutThreshold: 0
> sambaForceLogoff: -1
> sambaRefuseMachinePwdChange: 0
> sambaNextRid: 1001
> uidNumber: 10000
> gidNumber: 10000
Fine.
Are the names mydomain your real and wished names,
or are they coming from samdb migration?
>
> When I tried to add a Windows 7 machine to the domain...
2011 Jun 08
1
Problem with IDMAP+LDAP+WINBIND
...: DSS
sambaSID: S-1-5-21-2206515185-2896615622-3143254707
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain
sambaNextUserRid: 1000
sambaMinPwdLength: 5
sambaPwdHistoryLength: 0
sambaLogonToChgPwd: 0
sambaMaxPwdAge: -1
sambaMinPwdAge: 0
sambaLockoutDuration: 30
sambaLockoutObservationWindow: 30
sambaLockoutThreshold: 0
sambaForceLogoff: -1
sambaRefuseMachinePwdChange: 0
structuralObjectClass: sambaDomain
entryUUID: 6470ac16-262b-1030-84d9-1370b5f1fe61
creatorsName: cn=admin,dc=server,dc=nas
createTimestamp: 20110608145736Z
entryCSN: 20110608145736Z#000007#00#000000
modifiersName: cn=admin,dc=server,dc=nas
modi...
2011 Sep 15
1
pdb_increment_bad_password_count
After moving from Redhat AS4 to RHEL 5.5 we started noticing these error messages in the messages log. Upgrade procedure was to build new machine with updated OS, install new samba, duplicate existing ldap server connections, and then shutdown the old box and put new one in place. Messages were not seen on AS4 box and smb.conf file is identical on new box. I am wondering if there was a change
2012 Dec 13
1
Migrate to samba 4 in ( relatively ) complex openLDAP environment
...Language
radiusFilterId
radiusTunnelMediumType
radiusTunnelPrivateGroupId
radiusTunnelType
sambaAcctFlags
sambaAlgorithmicRidBase
sambaClearTextPassword
sambaDomainName
sambaForceLogoff
sambaGroupType
sambaHomeDrive
sambaKickoffTime
sambaLMPassword
sambaLockoutDuration
sambaLockoutObservationWindow
sambaLockoutThreshold
sambaLogoffTime
sambaLogonHours
sambaLogonScript
sambaLogonTime
sambaLogonToChgPwd
sambaMaxPwdAge
sambaMinPwdAge
sambaMinPwdLength
sambaNextRid
sambaNextUserRid
sambaNTPassword
sambaPasswordHistory
sambaPreviousClearTextPassword
sambaPrimaryGroupSID
sambaProfilePath
sambaPwdCanChange
sambaPwdHistor...
2007 Nov 15
2
Strange NT_STATUS_PASSWORD errors after upgrade to 3.0.26a
Hi,
I just upgraded one of our samba BDC's (with LDAP back end on
solaris 10) from 3.0.23c to
3.0.26a and can no longer mount shares.
The error message I'm seeing in the samba logs is
[2007/11/15 14:15:26, 1] auth/auth_sam.c:sam_account_ok(172)
sam_account_ok: Account for user 'dbb' password must change!.
[2007/11/15 14:15:26, 3]
2008 Nov 05
1
Samba 3.2.4 not locking accounts?
...baDomainName=C1.VE,dc=c1,c=ve,dc=xxxx
sambaDomainName: C1.VE
sambaSID: S-1-5-21-1230964018-1252349843-1944742870
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain
sambaNextUserRid: 1000
sambaRefuseMachinePwdChange: 0
sambaNextRid: 1002
sambaLockoutDuration: -1
sambaLockoutObservationWindow: 30
sambaLockoutThreshold: 3
sambaMinPwdLength: 5
sambaPwdHistoryLength: 5
sambaLogonToChgPwd: 0
sambaMaxPwdAge: 7776000
sambaMinPwdAge: 0
sambaForceLogoff: -1
dn: cn=domusers,ou=group,dc=c1,c=ve,dc=xxxx
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: domusers
displayName: Domain Users
gidNumber: 10000
sambaSID:...
2011 Jun 10
1
ldap backend failing
...: ALL
#
# LDNSPL, example.com
dn: sambaDomainName=LDNSPL,dc=example,dc=com
objectClass: top
objectClass: sambaDomain
objectClass: sambaUnixIdPool
sambaDomainName: LDNSPL
sambaSID: S-1-5-21-1979685110-1467996072-351907979
gidNumber: 1000
sambaPwdHistoryLength: 0
sambaMaxPwdAge: -1
sambaMinPwdAge: 0
sambaLockoutThreshold: 0
sambaRefuseMachinePwdChange: 0
sambaMinPwdLength: 5
sambaLogonToChgPwd: 0
sambaNextRid: 1001
sambaForceLogoff: -1
uidNumber: 1116
The same query with cn=djohn returns nothing:
...
# filter: cn=djohn
# requesting: ALL
#
# search result
search: 2
result: 0 Success
So some parts of my configu...