Univention Bugzilla – Bug 38559
Password lockout settings not correctly set
Last modified: 2017-01-18 18:50:59 CET
Setting the logout settings according to http://docs.univention.de/manual-4.0.html#users:faillog does not trigger the needed samba-tool commands to change the logout settings in Samba4, leading to an inconsistent user experience.
Please clarify the report: * I assume this report refers to a situation where auth/faillog/lock_global has been set to yes. * Which lockout settings are you referring to? A) the lockout state (and time) of the user account in LDAP B) the UCR configuration (auth/faillog, auth/faillog/limit, auth/faillog/unlock_time) See also possibly related Bug #34726, Bug #35013, Bug #31907
UCR settings: root@master:~# ucr search --brief faillog auth/faillog/limit: 5 auth/faillog/lock_global: yes auth/faillog/root: no auth/faillog/unlock_time: 0 auth/faillog: yes Current Samba Settings: root@master:~# samba-tool domain passwordsettings show WARNING: No path in service IPC$ - making it unavailable! NOTE: Service IPC$ is flagged unavailable. Password informations for domain 'DC=kevin,DC=univention,DC=com' Password complexity: on Store plaintext passwords: off Password history length: 0 Minimum password length: 8 Minimum password age (days): 0 Maximum password age (days): 0 Account lockout duration (mins): 0 Account lockout threshold (attempts): 1 Reset account lockout after (mins): 30 From the Documentation it isn't clear that there are separate settings for Samba. It would be consistent if the settings apply at the same time to both Realms. Ideally it can be unified into one counter, but two separate counters with the same settings would be good for most practical purposes.
*** This bug has been marked as a duplicate of bug 35809 ***