[Samba] Samba 4.2 Account Lockout logging

James lingpanda101 at gmail.com
Thu Apr 16 08:35:20 MDT 2015

On 4/15/2015 8:41 PM, Douglas Bagnall wrote:
> hi Luke,
>> We are using the account lockout feature in Samba 4.2. Unfortunately
>> my own account is being locked out overnight and I can't figure out
>> where from :-( Is there a level of logging on a Samba4 DC I can use
>> to record the source address of any authentication failures, be they
>> with Kerberos or native LDAP?
> I don't think you get a definite source address, but with LDAP the
> alleged workstation name is logged at level 3. It'll look something
> like this:
>     auth_check_password_send: mapped user is:
> [domain]\[account]@[workstation]
> The workstation name can be spoofed.
> I am not sure about Kerberos. You may be out of luck.
> For the file server, you can set the log file to be "log.%I" and the
> %I will expand into the client IP address.
> cheers,
> Douglas
On a Windows box you can install Microsoft's Account Lockout Status
tool. It will provide additional details that may be beneficial.



More information about the samba mailing list