[Samba] bad password lockout on 4.2.4
James
lingpanda101 at gmail.com
Thu Sep 24 12:33:26 UTC 2015
On 9/24/2015 8:18 AM, mourik jan heupink wrote:
>>> [2015/09/24 13:51:35.185811, 3]
>>> ../source4/auth/ntlm/auth.c:270(auth_check_password_send)
>>> auth_check_password_send: Checking password for unmapped user
>>> [DOMAIN\inraek]@[(null)]
>>> auth_check_password_send: mapped user is: [DOMAIN\inraek]@[(null)]
>>> [2015/09/24 13:51:35.186969, 3]
>>> ../libcli/auth/ntlm_check.c:236(hash_password_check)
>>> ntlm_password_check: Interactive logon: NT password check failed
>>> for user inraek
>>> [2015/09/24 13:51:35.187233, 2]
>>> ../source4/auth/ntlm/auth.c:429(auth_check_password_recv)
>>> auth_check_password_recv: sam_ignoredomain authentication for user
>>> [DOMAIN\inraek] FAILED with error NT_STATUS_WRONG_PASSWORD
>>
>> However... this is loglevel 10, and I still do not see WHERE this
>> auth request comes FROM. What IP.
>
> Should I be looking at full_audit vfs module? (note: sernet samba 4.2.4)
>
> If yes... something like:
>
> vfs_full_audit:failure = connect ?
>
> But then i also need to add "vfs objects = full_audit" to certain
> shares, and since I'm simply searching for details on failed
> authentication attempts, I'm not sure where to add that line...
>
> I could use a bit of help... anyone?
>
> MJ
>
I find this tool handy if using a Windows based machine.
http://www.microsoft.com/en-us/download/details.aspx?id=15201
Account Lockout Status (LockoutStatus.exe) is a combination command-line
and graphical tool that displays lockout information about a particular
user account.
--
-James
More information about the samba
mailing list