[Samba] Samba 4.2 Account Lockout logging
lingpanda101 at gmail.com
Thu Apr 16 08:35:20 MDT 2015
On 4/15/2015 8:41 PM, Douglas Bagnall wrote:
> hi Luke,
>> We are using the account lockout feature in Samba 4.2. Unfortunately
>> my own account is being locked out overnight and I can't figure out
>> where from :-( Is there a level of logging on a Samba4 DC I can use
>> to record the source address of any authentication failures, be they
>> with Kerberos or native LDAP?
> I don't think you get a definite source address, but with LDAP the
> alleged workstation name is logged at level 3. It'll look something
> like this:
> auth_check_password_send: mapped user is:
> The workstation name can be spoofed.
> I am not sure about Kerberos. You may be out of luck.
> For the file server, you can set the log file to be "log.%I" and the
> %I will expand into the client IP address.
On a Windows box you can install Microsoft's Account Lockout Status
tool. It will provide additional details that may be beneficial.
More information about the samba