[Samba] bad password lockout on 4.2.4

mourik jan heupink heupink at merit.unu.edu
Thu Sep 24 08:11:35 UTC 2015


In the logs I can find lines like:

> auth_check_password_recv: sam_ignoredomain authentication for user
> [DOMAIN\inraek] FAILED with error NT_STATUS_ACCOUNT_LOCKED_OUT

But there are no lines indicating failed authentication attempts. I'm 
trying to find out WHY the account is locked.

On 09/24/2015 09:03 AM, mourik jan heupink wrote:
> Hi,
>
> Since two days, we upgraded from 4.1.17 to 4.2.4 (sernet, thanks!)
> everything went well, and we have now implemented the bad password
> lockout settings.
>
> We have some users now that complained twice that they cannot logon,
> and indeed: their account was locked, unlocking did the job.
>
> But the question is: how can I find out more about the bad passwords
>  that were provided? Thinks like at what time, from what ip address,
> etc, etc.
>
> I can't find much in the DC's logs, though I guess that is where to
> look..? Is a certain minimum log level required perhaps?
>
> We have three dc's, one (separate) fileserver, one mail, and some
> other services, all authenticating to our three dc's, so I guess
> those dc's would be the place to look...
>
> Thanks in advance, MJ
>



More information about the samba mailing list