I wanted to re-post this since I wasn't sure it made it to the group earlier. Anyone have some thought on this? Hi. We've got a samba PDC set up here with an LDAP backend for authenticating users on our Windows domain. I need to enable account locking after a certain number of failed login attempts. It seems to us that every time that a user runs a credential query the samba server sees a NT_STATUS_WRONG_PASSWORD followed by a successful login. What I think we're seeing is referred to in the release notes for 7.0/1 ----- As a back port from Condor versions 7.1, interoperability with Samba (as a PDC) has been improved. Condor uses a fast form of login during credential validation. Unfortunately, this login procedure fails under Samba, even if the credentials are valid. The new behavior is to attempt the fast login, and on failure, fall back to the slower form. ----- Certainly sounds like what we're seeing. The consequence of this action by condor, however, is that it's causing accounts to lock out because the failures are adding up. For some reason the failures don't get cleared out by the successful login via condor. My question is, is there a setting that we're not aware of in Condor to force the slower login form only, and forget about the fast login? Thanks. |
_______________________________________________ Condor-users mailing list To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a subject: Unsubscribe You can also unsubscribe by visiting https://lists.cs.wisc.edu/mailman/listinfo/condor-users The archives can be found at: https://lists.cs.wisc.edu/archive/condor-users/