mirror of
https://github.com/samba-team/samba.git
synced 2025-03-01 04:58:35 +03:00
7870c0ca4c
lastLogon is supposed to be updated for every interactive or kerberos login, and (according to testing against Windows2012r2) when the bad password count is non-zero but the lockout time is zero. It is not replicated. lastLogonTimestamp is updated if the old value is more than 14 - random.choice([0, 1, 2, 3, 4, 5]) days old, and it is replicated. The 14 in this calculation is the default, stored as "msDS-LogonTimeSyncInterval", which we offer no interface for changing. The authsam_zero_bad_pwd_count() function is a convenient place to update these values, as it is called upon a successful logon however that logon is performed. That makes the function's name inaccurate, so we rename it authsam_logon_success_accounting(). It also needs to be told whet5her the login is interactive. The password_lockout tests are extended to test lastLogon and lasLogonTimestamp. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 795f4729ca94029fcee750fbebbe9bc3ea43a214) BUG: https://bugzilla.samba.org/show_bug.cgi?id=11659 lastLogon and lastLogonTimestamp are not updated