[Samba] bad password lockout on 4.2.4
lingpanda101 at gmail.com
Thu Sep 24 12:33:26 UTC 2015
On 9/24/2015 8:18 AM, mourik jan heupink wrote:
>>> [2015/09/24 13:51:35.185811, 3]
>>> auth_check_password_send: Checking password for unmapped user
>>> auth_check_password_send: mapped user is: [DOMAIN\inraek]@[(null)]
>>> [2015/09/24 13:51:35.186969, 3]
>>> ntlm_password_check: Interactive logon: NT password check failed
>>> for user inraek
>>> [2015/09/24 13:51:35.187233, 2]
>>> auth_check_password_recv: sam_ignoredomain authentication for user
>>> [DOMAIN\inraek] FAILED with error NT_STATUS_WRONG_PASSWORD
>> However... this is loglevel 10, and I still do not see WHERE this
>> auth request comes FROM. What IP.
> Should I be looking at full_audit vfs module? (note: sernet samba 4.2.4)
> If yes... something like:
> vfs_full_audit:failure = connect ?
> But then i also need to add "vfs objects = full_audit" to certain
> shares, and since I'm simply searching for details on failed
> authentication attempts, I'm not sure where to add that line...
> I could use a bit of help... anyone?
I find this tool handy if using a Windows based machine.
Account Lockout Status (LockoutStatus.exe) is a combination command-line
and graphical tool that displays lockout information about a particular
More information about the samba