[Samba] Samba 4.2 Account Lockout logging
James
lingpanda101 at gmail.com
Thu Apr 16 08:35:20 MDT 2015
On 4/15/2015 8:41 PM, Douglas Bagnall wrote:
> hi Luke,
>
>> We are using the account lockout feature in Samba 4.2. Unfortunately
>> my own account is being locked out overnight and I can't figure out
>> where from :-( Is there a level of logging on a Samba4 DC I can use
>> to record the source address of any authentication failures, be they
>> with Kerberos or native LDAP?
> I don't think you get a definite source address, but with LDAP the
> alleged workstation name is logged at level 3. It'll look something
> like this:
>
> auth_check_password_send: mapped user is:
> [domain]\[account]@[workstation]
>
> The workstation name can be spoofed.
>
> I am not sure about Kerberos. You may be out of luck.
>
> For the file server, you can set the log file to be "log.%I" and the
> %I will expand into the client IP address.
>
> cheers,
> Douglas
On a Windows box you can install Microsoft's Account Lockout Status
tool. It will provide additional details that may be beneficial.
http://www.microsoft.com/en-us/download/details.aspx?id=15201
--
-James
More information about the samba
mailing list