[Samba] bad password lockout on 4.2.4
mourik jan heupink
heupink at merit.unu.edu
Thu Sep 24 12:18:31 UTC 2015
>> [2015/09/24 13:51:35.185811, 3] ../source4/auth/ntlm/auth.c:270(auth_check_password_send)
>> auth_check_password_send: Checking password for unmapped user [DOMAIN\inraek]@[(null)]
>> auth_check_password_send: mapped user is: [DOMAIN\inraek]@[(null)]
>> [2015/09/24 13:51:35.186969, 3] ../libcli/auth/ntlm_check.c:236(hash_password_check)
>> ntlm_password_check: Interactive logon: NT password check failed for user inraek
>> [2015/09/24 13:51:35.187233, 2] ../source4/auth/ntlm/auth.c:429(auth_check_password_recv)
>> auth_check_password_recv: sam_ignoredomain authentication for user [DOMAIN\inraek] FAILED with error NT_STATUS_WRONG_PASSWORD
> However... this is loglevel 10, and I still do not see WHERE this auth request comes FROM. What IP.
Should I be looking at full_audit vfs module? (note: sernet samba 4.2.4)
If yes... something like:
vfs_full_audit:failure = connect ?
But then i also need to add "vfs objects = full_audit" to certain
shares, and since I'm simply searching for details on failed
authentication attempts, I'm not sure where to add that line...
I could use a bit of help... anyone?
More information about the samba