Zentyal Forum, Linux Small Business Server
Zentyal Server => Installation and Upgrades => Topic started by: nayanivijay on March 20, 2014, 11:07:55 am
-
I have a zentyal 3.3 server DC. I have created OUs and linked GPO to OU for account lockout policies.
Account Lockout Duration: 30min
Account Lockout Threshold: 5 invalid attempts
Reset Account lockout counter after: 30min
I have created a test account and logged in with an incorrect password more than 5 times to a machine. but the test account never locks and the computer never prompts me that the account has been locked out. All other policies that are set in this GPO are applying, but the Account Lockout policy does not work.
i think some hotfix might be available for this issue.
Can anyone please help with this issue?
-
please help me this is important for me.
-
no reply ?
-
hai....
i made gpo for screensaver and account lockout policy; screensaver is working fine but account lockout policy not at all working.
do you find any solution for account lockout policy
-
Did you use default group policy or create a new OU?
I've found using the default one was the only way to get the policy applied (older version of Zentyal so maybe no longer applies)
Another thing to test: Is it in computer policy or user policy and are they both being applied (check you windows event logs to verify)
-
thanks for the reply
tried on both, default one and as well as on new OU also
screensaver policy is working fine but not passwd policy and accnt lockout policy
-
Check computer policy is being applied. Either it is that or something missing in your group policy setup.
Screen Saver is going to be user policy, but lockout can't be as the user isn't logged in yet so that policy won't be applied.
Check the event logs for group policy on a client that fails.
-
Can i have any tutorial or the way you achieved for implementing this.
-
i did it again in fresh machines
machine1-zentyal
machine2-windows 7 ultimate 64bit with RSAT
machine3-windows 7 ultimate 64bit client
screensaver and deny removable storage access works fine, but password policy and account lockout policy not at all responding
is it possible to implement password policy and account lockout policy in scenario
-
Check the event logs for group policy on a client that fails.
-
The answer why it isn't working is really simple: the wrong password attempts tracking and accounts locking wasn't implemented in samba until version 4.2.0. So you have to wait until Zentyal updated samba to a version 4.2 or greater.
See samba release notes for further informations:
https://www.samba.org/samba/history/samba-4.2.0.html (https://www.samba.org/samba/history/samba-4.2.0.html)
-
Zentyal 4.2.2. Samba version: 4.3.4-Zentyal
Account lockout policies still not appliying. Rest of policies seem to apply correctly. Have to use pdbedit to set account lockout policies.
Still not implemented...? Anyone can confirm, please?