[Samba] bad password lockout on 4.2.4

mourik jan heupink heupink at merit.unu.edu
Thu Sep 24 07:03:01 UTC 2015


Since two days, we upgraded from 4.1.17 to 4.2.4 (sernet, thanks!) 
everything went well, and we have now implemented the bad password 
lockout settings.

We have some users now that complained twice that they cannot logon, and 
indeed: their account was locked, unlocking did the job.

But the question is: how can I find out more about the bad passwords 
that were provided? Thinks like at what time, from what ip address, etc, 

I can't find much in the DC's logs, though I guess that is where to 
look..? Is a certain minimum log level required perhaps?

We have three dc's, one (separate) fileserver, one mail, and some other 
services, all authenticating to our three dc's, so I guess those dc's 
would be the place to look...

Thanks in advance,

More information about the samba mailing list