LDAP account locking with Windows (smbldap)

We're running directory server 7 in our area and it's all set up and
working. We're using the smbldap-tools in conjunction to have the
directory server allow domain logins.
The main issue is that we want to enforce account lockouts after 5
failed attempts. When using the built-in password policy in the
directory server to do this, and a user locks their account, they can no
longer log into any of the Linux systems (what we want). However, with
Windows, a user can still log in with their current password; if they
type a bad password, they get an error saying there's a problem with
their account... so the locking doesn't work.
My theory is just that the LDAP server is preventing Windows from seeing
some of the attributes once the account is locked... probably preventing
info from being written to the Samba bad password count.
Do you know if there's a way to modify the LDAP server configuration
such that when an account is locked out, to modify OTHER attributes than
the defaults? So, if the directory server enables the lockout, it
modifies not only the pwdaccountlockedtime field, but also, say,
sambaAccountFlags?
Thanks for any tips.

We're running Windows XP systems. Unfortunately we're not running AD, but rather a Samba server, which is storing its information in the Sun Directory Server. I'm not sure if the Identity Synchronization will work with Samba or not. I can also take a look at this Windows bug and see if maybe just changing the timeout on the old passwords. If that prevents people from logging in due to an account locking, good enough for me. I think the biggest concern is that we prevent users from accessing their accounts in the event they get locked.
Is what I'm trying to do possible with an ACI perhaps? I'm not familiar enough with the ACIs to know. So, basically IF the pwdaccountlockedtime flag OR the smbacctflag looks a certain way, prevent users from accessing any information from the LDAP server.
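
An added example, not part of the original posts and not smbldap-tools code: an audit that finds the drift described above, accounts the directory's password policy has locked while the Samba flags still allow a Windows logon. Assumptions: the Samba attribute is named sambaAcctFlags as in the Samba LDAP schema (the post calls it sambaAccountFlags), the flag letters L (auto-locked) and D (disabled) mark a blocked account, lock expiry follows the LDAP password policy draft, and the DNs, timestamps and 900-second lockout duration are constructed.

```python
import base64
import re
from datetime import datetime, timezone

# Constructed sample of ldapsearch output (operational attribute requested explicitly).
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
sambaAcctFlags: [U          ]
pwdAccountLockedTime: 20240102030405Z

dn: uid=bob,ou=People,dc=example,dc=com
sambaAcctFlags: [UL         ]
pwdAccountLockedTime: 20240102030405Z

dn: uid=carol,ou=People,
 dc=example,dc=com
sambaAcctFlags:: W1UgICAgICAgICAgXQ==

dn: uid=dave,ou=People,dc=example,dc=com
sambaacctflags: [DU         ]
PWDACCOUNTLOCKEDTIME: 000001010000Z
"""
PERMANENT = "000001010000Z"  # password-policy draft: locked until an admin resets

def parse_ldif(text):
    """Return one {lowercased attribute: [values]} dict per LDIF entry."""
    text = re.sub(r"\n ", "", text)  # unfold continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            else:
                value = value.strip()
            entry.setdefault(name.strip().lower(), []).append(value)
        if entry:
            entries.append(entry)
    return entries

def samba_flags(entry):
    """Flag letters from a value such as '[UL         ]'."""
    raw = entry.get("sambaacctflags", [""])[0]
    return set(raw.strip("[]").replace(" ", ""))

def locked_in_directory(entry, duration_s, now):
    """True while the lock is in force (duration 0 means no automatic unlock)."""
    values = entry.get("pwdaccountlockedtime")
    if not values:
        return False
    if values[0] == PERMANENT or duration_s == 0:
        return True
    locked_at = datetime.strptime(values[0], "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
    return (now - locked_at).total_seconds() < duration_s

def lockout_drift(entries, duration_s, now):
    """DNs locked by the directory policy while Samba flags carry neither L nor D."""
    return [e["dn"][0] for e in entries
            if "sambaacctflags" in e
            and locked_in_directory(e, duration_s, now)
            and not samba_flags(e) & {"L", "D"}]

if __name__ == "__main__":
    now = datetime(2024, 1, 2, 3, 10, tzinfo=timezone.utc)
    print(lockout_drift(parse_ldif(SAMPLE_LDIF), 900, now))
```

pwdAccountLockedTime is an operational attribute, so a search has to request it by name and bind as an identity allowed to read it, otherwise every account looks unlocked to the audit.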

Similar Messages

  • Configuring LDAP for WEBASJAVA  with Windows ADS LDAP

    Dear All,
          I have installed Windows ADS with windows LDAP on a server and Webas java on another server. How to configure UME of WEBAS JAVA to connect  with Windows ADS. How to do the LDAP integration?
       Please guide me.
    Regards
    Arun

    HI,
       I installed Webas Java NW04 SP 20. During LDAP config with Microsoft ADS, the test connection works, but if I try the Authentication test it says authentication failed, no user found (I tried the Administrator user). After I restarted, I'm now able to see all the ADS users, but the Authentication failed error is still there.
    Thanks n Regards
    ARun

  • How Can i sign in without windows live account, only with an usual administrator account????

    Hello guys, I'm new in the forum and I have this small problem: I want to sign in to Windows 8.1 with a usual account, not with a Windows Live account. It's okay to sign in with a Windows Live account, but I'm asking because I'm a little bit curious.
    Thank you for the support :D !!!

    Hi Pelopidas
    Please follow the link
    http://www.techrepublic.com/blog/windows-and-office/quick-tip-change-microsoft-live-to-a-local-account-in-windows-81/

  • Sync with Windows Address Book just hangs

    I have iPod Touch 4g, iOS 4.1, iTunes 10.0.1.22, Windows XP (up to date). I sync'd my Windows Address Book to the Touch without issue, I made some updates on the Touch, and now when I try to sync, it just hangs at trying to sync the contacts. No errors, it just indicates that it is syncing. iTunes doesn't actually hang, I can cancel the sync, and I can still sync songs, and it still backs up fine as first sync step.

    As far as I am aware, "identities" is an Outlook Express concept that was dropped by Microsoft some time ago in favour of separate User Accounts along with Windows Address Book being replaced by Windows Contacts. I am also not 100% sure that iTunes will sync with Windows Address book. Do you see it on the drop down menu in the Sync Contacts tab?
    If you do and if iTunes will sync with Windows Address Book you should only see the contacts associated with the identity you are using and shared contacts. If iTunes then syncs, it should sync with the identity you are using at the time of the sync.

  • I have downloaded the most recent iTunes on my new computer with Windows 8 but a message pops up saying "the itunes library.itl file is locked, on a locked disk or you do not have write permission for this file." How do I fix?

    I have downloaded the most recent iTunes on my new computer with Windows 8 but when I attempt to get in I get this message: "The itunes library.itl file is locked, on a locked disk, or you do not have write permission for this file." How do I fix this?

    Repair iTunes Security Permissions
    Right-click on your main iTunes folder and click Properties, then go to the Security tab and click Advanced. Use the Change Permissions... button to grant your account (or the Users group) and SYSTEM full control of this folder, subfolders and files, then tick the option to Replace permissions entries... which will repair permissions throughout the library. When complete switch to the General tab, click in the Read-only check box to clear it, then click Apply.
    If you don't have the option to change the permissions then use the Owner tab and Edit... button to take ownership from an account with administrator privileges. Tick the option to Replace owner on subcontainers and objects.
    Repeat with the media folder if it isn't stored inside the main iTunes folder.
    If you've brought over the library from another computer you may also want to remove any "mystery" identities (S<string of dashes & digits>) that have come over from the old computer...
    The images above are from Windows 7. Hopefully the system isn't too different in Windows 8.
    tt2

  • Can't Change Lock Screen Background Image and User Account Picture in Windows 8.1.

    I am running Windows8.1 Single Language with windows activated. Upgraded from Window 8 to Windows 8.1.
    Lenovo Y410p.
    4th generation Intel® Core™ i7-4700MQ (2.40GHz 1600MHz 6MB) with 16GB RAM.
    NVIDIA® GeForce® GT750M 2GB .
    I tried all methods that I found on web included :
    1. http://www.askvg.com/fix-cant-change-lock-screen-background-and-user-account-picture-in-windows-8/
    2. http://answers.microsoft.com/en-us/windows/forum/windows8_1-desktop/lockscreen-issues-on-windows-81/c51f570a-7a69-4e92-8348-3ebbed778592
    3. I deleted the C:\ProgramData\Microsoft\Windows\SystemData file and folder
    4. I restored the Libraries Features.
    5. I run SFC / Scannow 3 times but get no error.
    6.  I created a new local account but the same problem shows up. (I'm using live for main account.)
    Now, Please tell me what should I do, Thanks.

    Hi,
    First of all, please run the command slmgr.vbs /dlv
    After that, check the License status if it is licensed.
    Is there any error message when you couldn't change lock background or this option just grey out?
    Roger Lu
    TechNet Community Support

  • LDAP (Directory service) server and client compatible with Windows 7

    Hello Experts,
    Earlier we were using Netscape Server 4.0 and Console  in Windows XP for LDAP Integration testing with BRM.
    Now that Windows XP is soon going to be decommissioned and the software is incompatible with Windows 7, I am looking for Directory service (both server and client) alternatives compatible with Windows 7.
    Has anyone tried setting up a Directory service (or LDAP) in the Windows 7 operating system?
    Any help is appreciated. Thank you

    Hello Mr Thio,
    Basic cause for this type of error message is Generally permission issue.If you are using a domain account make sure it is added as local administrator in local machine.
    RK on setup.exe and select run as administrator
    Makes sure you copy installables on local drive and run setup from machine if your are running from CD directly avoid it.
    Below MS link has documented this error please go through the link properly
    http://support.microsoft.com/kb/2799534
    Please mark this reply as the answer or vote as helpful, as appropriate, to make it useful for other readers

  • Msi GeForce 4 4200 frame rate locked at 60 with Windows 2000

    Lost here..... I have an MSI Geforce 4 4200 120MB Video Card slotted on an Asus A7V motherboard - AMD Thunderbird 1Ghz processor with 640mb of ram.
    There is a common problem with the Nvidia chip and Windows 2000 in regards to a lock frame rate at 60fps within games.
    I've tried several programs to fix this i.e. "Refresh Lock", "Windows 2000/XP Nvidia Refresh rate lock", "PowerStrip 3.15" and "NVFresh Tool 1.0"
    But nothing seems to work. I'm sure these program work with older Nvidia cards but not with GeForce 4.
    Any Ideas? I even turned the Vsync off and on.
    HELP!

    p-fulla, I'm not too sure about your system and Windows XP but check out these tweaking sites.
    GEFORCEZONE.COM
    http://www.geforcezone.com/
    and
    TWEAKED.NET
    http://www.tweak3d.net/
    TECHTV.COM/SCREENSAVERS
    http://www.techtv.com/screensavers/
    (A little advice: If you can, dump XP and install a copy of Windows 2000 second edition. They both have the same kernel but I find that Win 2000 is much more compatible for now. I give XP 2 more years before it's the OS for all. I've reinstalled 6 systems with Windows 2000 because of compatibility problems.)

  • How do I get an iCloud account on my PC with Windows 7?

    Is there anyway of getting an iCloud account on my PC with Windows 7 without having any Apple products?
    Thanks in advance,
    Fox

  • How do I used my iPhone if it is Lock with an Apple ID account of the previous user and i can't longer contact him?

    I bought an Apple device, namely an iPhone 4s, and this really bothers me and gives me an intimate reason to contact Apple. How do I use the device if it is locked with an Apple ID account of the previous user? Every time I open the phone the screen shows Activate iPhone with the Apple ID linked to the device. The worse thing is that I couldn't contact the seller any longer and the device seems useless. I can't use it. Please give me some help on how to fix this error and vulnerabilities.

    Sorry alvinguibz, but you have encountered an Activation Lock, and unless you can contact the previous owner and have them follow the steps below, you will not be able to use your device:
    Removing Previous Owner from Device
    There is no other way around this.
    Sorry,
    GB

  • My iPod touch has an old email account associated with iTunes. I don't remember the password to the old account and when I enter my birthdate it locks up the iPod - is there a way to change my iPod through my computer

    My iPod touch has an old email account associated with iTunes. I no longer remember the password associated with this email and since it is gone I can't retrieve the password by sending to the email account. When I try to retrieve by hints it locks up when I enter birth month and day. Is there a way to change my iPod through my computer? I have searched and can't find it. Thanks

    How to reset the password and other items are here.
    Frequently Asked Questions About Apple ID
    http://support.apple.com/kb/he37
    You can do it through a computer. After resetting the password and other stuff, on the iPod go to Settings>Store and sign out of the account and then sign back in.

  • I am dual booting my MacBook Pro with Windows 7 64 bit. Yesterday it started locking up at the disk drive selection screen, when you hold down the "option" button when powering on. I have been searching all morning, and so far nothing. Thanks. :)

    Hey folks,
    I have been using Boot Camp for months now with Windows 7 64 bit, and it's been fine. Yesterday while I was rebooting to do some gaming, at the hard drive selection screen when you boot holding the "option" button down, it locks up when I select the Windows drive and just sits there forever. It doesn't throw an error, and it boots fine into Lion.
    I searched all morning and didn't find anything, was hoping that someone might have an idea.
    Thanks in advance

    Search again. Microsoft has tips on what to do and Windows has a number of features
    system restore points
    automatic system repair using the Win7 DVD
    system restore image creation
    Just like you would with OS X Lion and Lion Recovery and Repair
    Use WinClone 3 www.twocanoes.com $20 to make an image just like you would with Disk Utility Restore or Carbon Copy Cloner
    rollback to last known good boot check point
    rollback a driver or program or any changes
    clean out temp files
    clean registry
    chkdsk
    https://discussions.apple.com/people/The%20hatter?view=bookmarks

  • Outlook 2013 Mail Setup Add Account crashes with Rundll32 error and will not connect to Exchange in Windows 8.1

    I got a new Acer laptop with Windows 8.1 over 3 weeks ago, and installed Office Professional Plus 2013.  I have an Office365 E1 subscription, but this Office 2013 is not associated with the subscription.
    When I go to setup any email account using the automatic mode (primary will be Exchange Online with my 365 account, but I've tested POP email accounts with the same result), the Mail Setup crashes once the email address and password is entered and Next is
    pressed.  This error message is displayed:
    "Windows host process (Rundll32) has stopped working
    A problem caused the program to stop working correctly.  Windows will close the program and notify you if a solution is available."
    The step displayed as in process when the crash occurs is the "Searching for [email address] settings".  The first step "Establishing network connection" is checked complete.
    I've run an Office Repair, and there's no change.  I've run a clean boot, and even uninstalled/reinstalled with the same error still appearing.
    If I use the manual setup mode and input the server outlook.office365.com, both the Check Name function and the Next button result in the error message:
    "The action cannot be completed. The connection to Microsoft Exchange is unavailable.  Outlook must be online or connected to complete this action."  The folks in the Office365 support community have told me that Office365 ExchangeOnline
    servers have to be configured with the auto-setup and cannot be setup manually.
    I've done both a system refresh and a system reset, and I'm still getting the Rundll32 error.  I tried to run a reset from a disk, but the laptop does not want to run it from the external DVD drive (giving error messages), so that doesn't appear
    to be an option.
    I've searched extensively, and there doesn't seem to be any existing threads where anything like this problem is discussed. 
    Can you offer any ideas or solutions?
    After THREE WEEKS of troubleshooting this, and some significant delays in getting help from support, I'm really close to returning this laptop.
    I need an answer on this ASAP to see if you've got an insights before I return the laptop for a new one.
    Thanks,
    Jason

    IMPORTANT: I found the solution.  Another user figured it out and posted the answer on another thread.
    Please spread this around to all other Outlook support techs so they know to point people in the direction of the quick (though very obscure) fix to this problem. 
    See this thread for how to disable graphics acceleration in Office, which is what causes the Rundll32 error.
    http://answers.microsoft.com/en-us/office/forum/office_2013_release-outlook/rundll32-outlook-mail-windows-host-process-error/bf90e1fd-3985-4b15-bc50-f9b3e937a859?tm=1424345216297
    Thanks,
    Jason

  • Standard Domain Accounts don't work with Windows 8.1 Pro

    I have AD running on Server 2012 with Windows 7 systems. I recently purchased a few Windows 8.1 laptops that I connected to the domain. They are fully updated to the latest windows 8.1 version, and all security updates are installed. 
    When I log in as a domain administrator user, then I can log in. No problems.
    However, when I log in as a standard domain user, it signs me off immediately. It says 'Welcome' .... 2 seconds pass... 'Signing Out' and I'm back to the login page. I tried this with Windows 8 systems, and it works but as soon as it is updated
    to Windows 8.1, I start having this problem. 
    Event Viewer does show some errors when a standard domain user logs in. 
    9009 - Desktop Window Manager - The desktop window manager has exited with code 0xd00002fe
    Then,
    4006 - WinLogin - The Windows logon process has failed to spawn a user application. Application name: . Command line parameters: C:\Windows\System32\userinit.exe
    1542 - User Profile Service - Windows cannot load classes registry file. Detail - The system cannot find the file specified.
    I installed Windows 8 Pro using the Dell CD that came with the laptop. I updated to Windows 8.1 using windows store, and then windows update for the latest windows 8.1 update.
    I have searched these forums, and made sure that winlogon executable is correct. I have recreated the user profile. I have tried multiple accounts and while they work on Windows 7, and windows 8, they fail on all windows 8.1 laptops. 
    Please assist. Thank you

    Hi,
    Try to run the two commands in command prompt:
    Net localgroup Users Interactive /add
    Net localgroup Users "Authenticated Users" /add
    Then what’s the result?
    Alex Zhao
    TechNet Community Support

  • HT5622 How can I authorize a new computer (with windows 8) without deauthorizing my other computers (windows 7) . Under manage your account the only choice given is to deauthorize all computers already authorized

    I just bought a new computer with Windows 8. I have 2 other computers (Windows 7) authorized for iTunes. When I go to manage your account the only choice I am given is to deauthorize all computers. There is no place from which to authorize this new computer or to deauthorize the 1 computer that is dead rather than both. Suggestions appreciated

    To authorize the Windows 8 computer, press the Alt and S keys and choose Authorize this Computer, or click here, follow the instructions, click on Store in the menu bar, and choose Authorize this Computer.
    It isn't possible to individually deauthorize a computer which is dead or which you don't have either physical or network access to.
