mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
795f4729ca
lastLogon is supposed to be updated for every interactive or kerberos login, and (according to testing against Windows2012r2) when the bad password count is non-zero but the lockout time is zero. It is not replicated. lastLogonTimestamp is updated if the old value is more than 14 - random.choice([0, 1, 2, 3, 4, 5]) days old, and it is replicated. The 14 in this calculation is the default, stored as "msDS-LogonTimeSyncInterval", which we offer no interface for changing. The authsam_zero_bad_pwd_count() function is a convenient place to update these values, as it is called upon a successful logon however that logon is performed. That makes the function's name inaccurate, so we rename it authsam_logon_success_accounting(). It also needs to be told whet5her the login is interactive. The password_lockout tests are extended to test lastLogon and lasLogonTimestamp. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Ralph Boehme <slow@samba.org> |
||
---|---|---|
.. | ||
gensec | ||
kerberos | ||
ntlm | ||
auth.h | ||
pyauth.c | ||
pyauth.h | ||
sam.c | ||
samba_server_gensec.c | ||
session.c | ||
session.h | ||
system_session.c | ||
unix_token.c | ||
wscript_build | ||
wscript_configure |