Mailing List ArchivesPublic Access |
![[Computer Systems Lab]](https://www-auth.cs.wisc.edu/pics/csl_logo.gif){kind=logo}
|
Mailing List ArchivesPublic Access |
|
|
Hi. We've got a samba PDC set up here with an LDAP backend for authenticating users on our Windows domain. I need to enable account locking after a certain number of failed login attempts. It seems to us that every time that a user runs a credential query the samba server sees a NT_STATUS_WRONG_PASSWORD followed by a successful login. What I think we're seeing is referred to in the release notes for 7.0/1 ----- As a back port from Condor versions 7.1, interoperability with Samba (as a PDC) has been improved. Condor uses a fast form of login during credential validation. Unfortunately, this login procedure fails under Samba, even if the credentials are valid. The new behavior is to attempt the fast login, and on failure, fall back to the slower form. ----- Certainly sounds like what we're seeing. The consequence of this action by condor, however, is that it's causing accounts to lock out because the failures are adding up. For some reason the failures don't get cleared out by the successful login via condor. My question is, is there a setting that we're not aware of in Condor to force the slower login form only, and forget about the fast login? Thanks. |