[Samba] Samba 4.2 Account Lockout logging
Douglas Bagnall
douglas.bagnall at catalyst.net.nz
Wed Apr 15 18:41:31 MDT 2015
hi Luke,
> We are using the account lockout feature in Samba 4.2. Unfortunately
> my own account is being locked out overnight and I can't figure out
> where from :-( Is there a level of logging on a Samba4 DC I can use
> to record the source address of any authentication failures, be they
> with Kerberos or native LDAP?
I don't think you get a definite source address, but with LDAP the
alleged workstation name is logged at level 3. It'll look something
like this:
auth_check_password_send: mapped user is:
[domain]\[account]@[workstation]
The workstation name can be spoofed.
I am not sure about Kerberos. You may be out of luck.
For the file server, you can set the log file to be "log.%I" and the
%I will expand into the client IP address.
cheers,
Douglas
More information about the samba
mailing list