Bug 12691 - Account lockout threshold not working correctly
Summary: Account lockout threshold not working correctly
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.4.5
Hardware: x64 Linux
: P5 major (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
Depends on:
Reported: 2017-03-15 14:45 UTC by trenta
Modified: 2019-09-06 08:29 UTC (History)
1 user (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description trenta 2017-03-15 14:45:42 UTC

I have detected that with samba 4.4.5 Account lockout threshold (attempts) is not working correctly.

If you configure Account lockout threshold (attempts): 5, and then you try to login with incorrect password, It seems that badPwdCount is not correct, this attribute increase with every incorrect password 2, from 0, 2 ,4 and 5 and then account is locked at third attempt and not 5.

then If you configure 10, account is locked at 5 attempt (0, 2, 4, 6, 8, 10)

Samba used is 4.4.5 and compiled from sources

Anybody can help?

Comment 1 Stefan Metzmacher 2019-07-31 13:05:13 UTC
In my recent tests on bug #14054 I that it works fine in current releases
Comment 2 trenta 2019-09-06 08:29:57 UTC
Confirmed with 4.10.7 and samba-tool domain passwordsettings set --account-lockout-threshold=5

now conts correctly, with 4.4.5 was failing and now works