similar to: Account lockout

Hi All, We have a mixed environment running with Windows and Linux with samba as the domain controller.  Smart card login is configured and working properly with pkinit and certs, etc (https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login) though I don't think this is related. A handful of Windows clients are regularly getting their accounts locked during what seems to be a

Hi everyone After almost 2 days up-time with Samba 4, it failed again. This time it simply will not restart. The krb5.conf had got corrupted. I replaced it with this one from /usr/local/samba/private /etc/krb5.conf [libdefaults] default_realm = HH3.SITE dns_lookup_realm = false dns_lookup_kdc = true It starts up OK: samba -i -d 3 lpcfg_load: refreshing parameters from

Hello, We are trying to setup a SAMBA-Server with users that have empty passwords. We are using: Samba 4.0.8 Kernel 3.10.5 Slackware 14.0 x64 When we set a password the login successes! That's what we get when trying to login: [2013/08/07 13:31:46, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: AS-REQ media1 at BC from ipv4:10.0.99.100:62078 for

Hello, I have a samba 4.1.5. I have created OUs and linked GPO to OU for account lockout policies. Account Lockout Duration: 15min Account Lockout Threshold: 5 invalid attempts Reset Account lockout counter after: 15min I have created a test account and logged in with an incorrect password more than 5 times to a machine. but the test account never locks and the computer never prompts me that

I recently am migrating my PDC from NT4 to Samba 3.025. Apparently due to a mismatch between the capitalization of the Windows account and the Unix account (Administrator vs administrator) I managed to lock the account before catching the discrepenacy. # pdbedit -v administrator Unix username: Administrator NT username: Administrator Account Flags: [ULX Bad password count

Hi, Some users can't logon to their workstation if the session is negotiating with samba domain controller, the password is requested again and again. Samba is joined as a Domain Controller in a windows domain controllers. The users' s computers are joined also to the domain. But for some users the kerberos ticket is failing. Samba version 4.1.15 - Debian 7.8 Samba debug logs, level 3:

Hi, I have a Debian stable (woody aka 3.0) machine. I am moving my existing samba 2.x installation (that has users stored in smbpasswd) to samba 3.0.4 with LDAP as the backend. I am able to move the users to LDAP just fine. However, the password policy of bad lockout attempt does not seem to work. I installed the samba deb file from the samab.org site. I also have OpenLDAP slapd

First of all, I want to say I have been using Samba AD for two years now (since just before 4.0 went stable), and it is an amazing product. We've implemented Active Directory & Group Policy for almost 50 computers and 100 users. Unfortunately, we are now being forced into switching to Windows DCs because Samba does not have an account lockout feature. Citrix (stupidly) does not have

Hello thanks again for the help ! I have analysed samba logs more closely. I'am very worried. I have three DC (fichdc, fichds01, fichds02) but here I talk just about fichdc's logs. -> Almost every times, "AS-REQ" fail for the 3 DCs with something like this : ---------------- Kerberos: AS-REQ FICHDC$@NET.LYC-GUILLAUME-FICHET.AC-GRENOBLE.FR from ipv4:172.16.0.20:59818 for

Greetings! Is there any way to to lockout a certain machine identified by its ip address after a fix number of bad logon attempts? I'm aware of account policy option "bad lockout attempts" but that would block the whole account and not just the machine. Have a sunny day! Ferdinand

Hello I know there is a domain account lockout feature at: http://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/s4-bwdPwdCount-01 A malicious user can type in incorrect password of any domain users. Then these users will be lockout (automatically or manually) in short time. Do we have any tools (equivalent to Event Viewer on Windows Server) for monitoring these actions

Hi, I continue setting up my FreeBSD 11.0 machine with Samba 4.4.9 built from sources. (Actually, OS type and Samba version don't matter so much, as I have the same problem with Debian Jessie and Samba 4.5.5) I followed the Wiki very close. Some details from provisioning: ... Realm [RW.LAN]: Domain [RW]: Server Role (dc, member, standalone) [dc]: DNS backend (SAMBA_INTERNAL,

Hi guys, I am so thrilled by samba 4 it makes me go to bed smiling J Here is my setup. Server ************ Centos 6.5 Samba 4.1.4 Clients ************* Windows XP, 7 & 8 Question: Is account lockout supported with samba4 ? I cannot seem to get the users accounts to lock when they type their passwords incorrectly. The rest of my GPO's work. Folder redirects work

Dear Samba team I followed this link: http://www.marshut.com/iptxts/samba4-domain-account-lockout.html But I don't know how to merge code into samba 4.1.6 Please help me integrated account lockout feature into lastest samba stable 4.1.6. And any commands to do it. Thank you very much! Hieu

Hi all, My boss is still questioning me for an answer. I've searched thru this archive thru the beginning of the year as well as searched thru Google, but still haven't found the answer to the this question.. Is there a way in Samba to automatically disable/lockout an account if the user has tried to signon more than a set number incorrectly? As an example: if JDOE tries to sign into

Hi, im trying to setup a password policy with samba and openldap. while lockout works perfect on openldap it looks like it does not work with my samba. Ive set "sambaLockoutThreshold" to 3 and "sambaLockoutDuration" to -1 (lockout forever) within the Domain-Object in LDAP. So i expect whenever a windows user does 3 false logon attemps his samba account will be LOCKED

I have a question about bad password lockout. Net pwsettings has settings for Complexity, Password history Length, Minimum password length, Minimum password age, and Maximum password age. But I can not see how to set a bad password login attempts. Can this be set using a group profile? Getting ready to use samba 4 for authentication purposes but really do need this ability. Everything

Help!! I have been using tbdsam as a backend and I have been unable to get the pdbedit -P "bad lockout attempt" -C 3 to be enforced. When I set the attribute it seems that I can try to login as many times as I want. Any help out there? Terrance

I'm currently using samba4 as an AD DC (domain and forest are both configured with the samba-tool command to be at the 2008_R2 functional level) for both Windows and Linux systems. I've got the default password settings set using the "samba-tool domain passwordsettings" command and I have all the GPOs configured as I need them for clients. However, I would like to configure how

hey list I'm doing a PCI audit for my company. One of the requirements is to specify a lockout duration of 30 minutes after 6 failed login attempts: For a sample of system components, obtain and insp 8.5.14 rd parameters system configuration settings to verify that passwo ed out, it are set to require that once a user account is lock a system remains locked for a minimum of 30 minutes