similar to: Samba 3.0.24 + LDAP - User Lockout not working

Hi, I have a strange problem with a Windows Server 2008 R2-System as a member of a samba domain (Samba-Version on PDC: 3.4.12). Join was successfully, but when I log on Windows I got an error "Unknown user name or bad password." (Event ID 4625). Here an abstract of logfile for Windows Server 2008 R2-System (log level 10). Maybe some of you has an idea:

Hi there, With the new scrutinization by auditors on account policies and auditing, how can Samba be SOX compliant? Using 3.0.14a-sernet on Suse 9.1 - ldapsam Specifically, a couple of things seem to be lacking: 1) Logon/Logoff times are not being recorded The last logon time recorded in my ldap entries are pre-nt4 migration. 2) Do the Audit Policy values in user manager have any effect? Are

First of all, I want to say I have been using Samba AD for two years now (since just before 4.0 went stable), and it is an amazing product. We've implemented Active Directory & Group Policy for almost 50 computers and 100 users. Unfortunately, we are now being forced into switching to Windows DCs because Samba does not have an account lockout feature. Citrix (stupidly) does not have

Hello, I have a samba 4.1.5. I have created OUs and linked GPO to OU for account lockout policies. Account Lockout Duration: 15min Account Lockout Threshold: 5 invalid attempts Reset Account lockout counter after: 15min I have created a test account and logged in with an incorrect password more than 5 times to a machine. but the test account never locks and the computer never prompts me that

I recently am migrating my PDC from NT4 to Samba 3.025. Apparently due to a mismatch between the capitalization of the Windows account and the Unix account (Administrator vs administrator) I managed to lock the account before catching the discrepenacy. # pdbedit -v administrator Unix username: Administrator NT username: Administrator Account Flags: [ULX Bad password count

Greetings! Is there any way to to lockout a certain machine identified by its ip address after a fix number of bad logon attempts? I'm aware of account policy option "bad lockout attempts" but that would block the whole account and not just the machine. Have a sunny day! Ferdinand

Can I deploy software/applications through group or domain policy with samba?

Hi, I have a Debian stable (woody aka 3.0) machine. I am moving my existing samba 2.x installation (that has users stored in smbpasswd) to samba 3.0.4 with LDAP as the backend. I am able to move the users to LDAP just fine. However, the password policy of bad lockout attempt does not seem to work. I installed the samba deb file from the samab.org site. I also have OpenLDAP slapd

Hi all, My boss is still questioning me for an answer. I've searched thru this archive thru the beginning of the year as well as searched thru Google, but still haven't found the answer to the this question.. Is there a way in Samba to automatically disable/lockout an account if the user has tried to signon more than a set number incorrectly? As an example: if JDOE tries to sign into

Hi All, I have setup samba 4.3.9-Ubuntu AD DC, I want to setup password policy and account lockout policy to all my domain users. How I can do that. Please somebody give me the steps. -- Vivek Patil Assistant Manager - IT Forgeahead Solutions vivek.patil at forgeahead.io *O* +91 (0) 20 66 44 5900 | *M *+91 9579 216 049 601 Zero One, Level 6, Mundhwa, Pune 411036, Maharashtra, India *W*

I have a question about bad password lockout. Net pwsettings has settings for Complexity, Password history Length, Minimum password length, Minimum password age, and Maximum password age. But I can not see how to set a bad password login attempts. Can this be set using a group profile? Getting ready to use samba 4 for authentication purposes but really do need this ability. Everything

Hello guys! I'm using samba 3.2.4 (binaries from samba.org) on SLES9+sp3. I am building a PDC with LDAP support (i am attaching my config files), I'm also using ldapsam:trusted and ldapsam:editposix. Although I am setting the account lock after 3 failed tries in usrmgr, and verified that the parameters are actually set in the LDAP, no locking occurs. I started thinking that it was my

Hello I know there is a domain account lockout feature at: http://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/s4-bwdPwdCount-01 A malicious user can type in incorrect password of any domain users. Then these users will be lockout (automatically or manually) in short time. Do we have any tools (equivalent to Event Viewer on Windows Server) for monitoring these actions

Hello, We are using the account lockout feature in Samba 4.2. Unfortunately my own account is being locked out overnight and I can't figure out where from :-( Is there a level of logging on a Samba4 DC I can use to record the source address of any authentication failures, be they with Kerberos or native LDAP? Thanks, -- Luke Bigum --- LMAX Exchange, Yellow Building, 1A Nicholas Road,

Hi guys, I am so thrilled by samba 4 it makes me go to bed smiling J Here is my setup. Server ************ Centos 6.5 Samba 4.1.4 Clients ************* Windows XP, 7 & 8 Question: Is account lockout supported with samba4 ? I cannot seem to get the users accounts to lock when they type their passwords incorrectly. The rest of my GPO's work. Folder redirects work

Hi, I have a big problem. I see that samba 4 don't have bad lockout attempts and if samba don't have this, I cannot deploy samba 4. This setting is a security setting, it's very important. A virus attack can be modered by this setting (password crack) and the security bookfor IS from my compagny says : 11.1.3 User password management 11.1.3.1 Recommendations for access

First off, I apologize if this is a duplicate - I had some issues with the first email I tried to join this list with! I'm currently using samba4 as an AD DC (domain and forest are both configured with the samba-tool command to be at the 2008_R2 functional level) for both Windows and Linux systems. I've got the default password settings set using the "samba-tool domain

Hello, I plan to update my samba-3.0.22/openldap-2.3.24 to samba-3.0.34/openldap-2.4.15 and I'm currently testing it. This is on FreeBSD. My idea is : 1) slapcat the openldap server and save the various tdb files. 2) deinstall samba and openldap and wipe out the bdb files 3) install the newer versions 4) slapadd to the new openldap server This seems to work in my test lab. During my tests I

----- "Ben M." <centos at rivint.com> wrote: > Gack. I added an additional Raid1 pair to my machine just before I > planned to bring it over to the office and I did something dumb and > locked out. > > I have the pv's, vg's and lv's cleared. All I need to do is get on > root > and remove a line from fstab, but I can't get it out of read

Help!! I have been using tbdsam as a backend and I have been unable to get the pdbedit -P "bad lockout attempt" -C 3 to be enforced. When I set the attribute it seems that I can try to login as many times as I want. Any help out there? Terrance