similar to: Stop disabling accounts?

I have the exact same problem as this guy: http://lists.samba.org/archive/samba/2006-September/125699.html He describes it much better and in much more detail than I could, so I'll let him speak for me. Unfortunately, I don't have the same solution. nss_ldap is configured properly, and things like 'getent passwd' and 'id machine-acct$' show the machine accounts as

I have a small domain with a Samba PDB and two Windows clients. My goal is to have all accounts held centrally on the Linux box, but the administrator login doesn't work as an administrator. That is, I can login just fine as 'administrator' (or as any of the other accounts in the Samba password db), but I don't get administrative privileges in Windows. In smb.conf, I have:

This is an immensely frustrating problem. I try to logon to my Samba 3.0.11 PDC running on SuSE, and the Samba logs report that it all went swimmingly: [2005/06/02 16:34:45, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [stpierre] -> [stpierre] -> [stpierre] succeeded So w00t, right. But no! Windows rejects my login with a "bad

I'm trying to troubleshoot a nasty problem with Samba 2.2.8a that I asked about here a while back, and I need someone with a working LDAP-Samba PDC -- preferably 2.2.8a, ideally running on Mac OS X, but I'll take what I can get -- to post the results of an ldapsearch for one of their machine trust accounts. All I'd need is the results of a command along these lines: ldapsearch -LLL

I'm trying to get Samba on a Mac OS X box running as a PDC with an LDAP backend. I've read through all of the major walkthroughs I can find, and we've actually already got it running very nicely as a file server; people are currently authenticating against a different PDC and then mapping drives from the Samba box in question. However, I'd like it to be the PDC eventually, but

Samba 3.0.21c, RHEL4. About a week ago, we restarted our Samba server because nmbd had run amok. Since that restart, our Apple clients have periodically disconnected -- by most reports, they disconnect every 15-45 minutes. It doesn't appear to be synchronized, i.e., every Mac on campus doesn't disconnect at once, but only occasionally. They get a message similar to: "A server you

I've got a Windows XP box that's unable to join my Samba (3.0.20) domain. We've got about 400 other computers, mostly WinXP, that have joined the domain quite successfully. I'm not sure when the most recent one joined, though, but I'm reasonably sure nothing has changed since then. The Samba log gives the following when I try to the computer to the domain: [2006/02/28

I recently have upgraded from Samba 2.2.8 to 3.0.7. I am using LDAP as a backend, but I'm running into a problem. Namely, since my user entries have no sambaSID attribute, Samba decides they don't exist. (At least, that's how it looks in the logs, included below.) I've looked through the conversion script that's included with Samba 3, but it just uses the rid attribute,

I recently am migrating my PDC from NT4 to Samba 3.025. Apparently due to a mismatch between the capitalization of the Windows account and the Unix account (Administrator vs administrator) I managed to lock the account before catching the discrepenacy. # pdbedit -v administrator Unix username: Administrator NT username: Administrator Account Flags: [ULX Bad password count

The release notes indicate support for bad password lockout policy starting with version 3.0.3 but I can't figure out how to enable it. I didn't see anything in the docs about turning it on. I also tried looking through all the options by using swat in advanced mode. How do I enable bad password lockout policy?

Hi there, With the new scrutinization by auditors on account policies and auditing, how can Samba be SOX compliant? Using 3.0.14a-sernet on Suse 9.1 - ldapsam Specifically, a couple of things seem to be lacking: 1) Logon/Logoff times are not being recorded The last logon time recorded in my ldap entries are pre-nt4 migration. 2) Do the Audit Policy values in user manager have any effect? Are

Hi everyone... Can somebody help me? I've sent this last Sunday but nobody has replied. Cheers, Rafael -----Mensaje original----- De: Rafael Paris [mailto:rparis@hotelmaruma.com] Enviado el: Domingo, 18 de Julio de 2004 06:58 p.m. Para: 'samba@lists.samba.org' Asunto: PDBEDIT USE - ACCOUNT FLAGS AND POLICIES Good afternoon everyone. I'm trying to set account control flags and

Hi everybody, I think i need a samba guru to solve this issue, because googling for months did not help and the problem is becoming pressing. I'm facing an annoying problem with samba. In detail, there is something wrong with the password handling. It happens from windows, mac or linux clients. Randomly (probably after $num days), the system asks to the user to change the password. After the

I've got a file server running both Samba and Netatalk ([OT] which are two programs that dearly need to be rolled into one). I've *tried* to configure it to minimize problems between the two, but I've run into a problem where users can't delete folders that contain, e.g., .AppleDouble folders in them. When I try from smbclient, I get: NT_STATUS_DIRECTORY_NOT_EMPTY removing

Hi, is there a way to force password complexity on NT4 style domains? the "samba-tool domain passwordsettings" seems to only work on DC mode, right? Boris

A few computers -- two or three -- are very spotty about letting people log on. It seems -- and this could be off-base -- that they'll let anyone log on once, but will require a reboot before you can log on again. Sometimes, logging on works fine, though. There really appears to be little rhyme or reason to what happens. In the Samba logs, I'm getting: [2006/10/20 08:08:14, 0]

Hello! Own Samba 4.4 as ADDC with this cnfiguração passwords: root @ Upsilon: ~ # samba-domain tool PasswordSettings show Password informations for domain 'DC = XXXXXXXX " Password complexity: on Store plaintext passwords: off Password history length: 24 Minimum password length: 7 Minimum password age (days): 1 Maximum password age (days): 400 Account lockout duration (mins): 30

Hi, im trying to setup a password policy with samba and openldap. while lockout works perfect on openldap it looks like it does not work with my samba. Ive set "sambaLockoutThreshold" to 3 and "sambaLockoutDuration" to -1 (lockout forever) within the Domain-Object in LDAP. So i expect whenever a windows user does 3 false logon attemps his samba account will be LOCKED

Hi, Samba-3 with LDAP backend is capable in this. I'm using it and it works. All you have to do, is to use LDAP and set proper account policies: $ pdbedit -P "bad lockout attempt" -C 5 (after 5 wrong password, user account will be locked out - samba sets password hashes to ***NOPASSWORD*** and user is unable to logon). $ pdbedit -P "min password length" -C 9 # password

Hi there, we have a few SuSE Linux Enterprise Desktop 11 SP1 machines with Samba 3.4.3 joined to Windows Server 2003 domain. The domain has some strict password policies, like limited password tries before account is locked for a few minutes. It works fine when doing online authentication against the domain controllers. The problem rises with cached offline logon. Offline logon works,