[Samba] bad password lockout on 4.2.4

mourik jan heupink heupink at merit.unu.edu
Thu Sep 24 12:18:31 UTC 2015

>> [2015/09/24 13:51:35.185811,  3] ../source4/auth/ntlm/auth.c:270(auth_check_password_send)
>>   auth_check_password_send: Checking password for unmapped user [DOMAIN\inraek]@[(null)]
>>   auth_check_password_send: mapped user is: [DOMAIN\inraek]@[(null)]
>> [2015/09/24 13:51:35.186969,  3] ../libcli/auth/ntlm_check.c:236(hash_password_check)
>>   ntlm_password_check: Interactive logon: NT password check failed for user inraek
>> [2015/09/24 13:51:35.187233,  2] ../source4/auth/ntlm/auth.c:429(auth_check_password_recv)
>>   auth_check_password_recv: sam_ignoredomain authentication for user [DOMAIN\inraek] FAILED with error NT_STATUS_WRONG_PASSWORD
> However... this is loglevel 10, and I still do not see WHERE this auth request comes FROM. What IP.

Should I be looking at full_audit vfs module? (note: sernet samba 4.2.4)

If yes... something like:

vfs_full_audit:failure = connect  ?

But then i also need to add "vfs objects = full_audit" to certain 
shares, and since I'm simply searching for details on failed 
authentication attempts, I'm not sure where to add that line...

I could use a bit of help... anyone?


More information about the samba mailing list