[Samba] bad password lockout on 4.2.4
mourik jan heupink
heupink at merit.unu.edu
Thu Sep 24 13:38:08 UTC 2015
For the same user I'm also seeing, in the DC logs:
> ntlm_password_check: Interactive logon: NT password check failed for user inraek
Would the above always be a windows domain worskstation logon?
On 09/24/2015 03:00 PM, mourik jan heupink wrote:
> Yes, I found out what DC. I need to know what is causing the failed
> authentication attemps, it could be:
> - windows workstation logons
> - dovecot
> - sogo
> - postfix
> - remote file access
> - any apache ldap authentication
> - any of the online intranet sites
> - you name it, it's all linked to our AD
> If I knew what IP address the attempted bind came from, I'd know where
> to start looking...
> On 09/24/2015 02:52 PM, James wrote:
>> On 9/24/2015 8:41 AM, mourik jan heupink wrote:
>>> Hi James,
>>>> I find this tool handy if using a Windows based machine.
>>>> Account Lockout Status (LockoutStatus.exe) is a combination
>>>> and graphical tool that displays lockout information about a particular
>>>> user account.
>>> Thanks for the tip, and I'll take a look, but judging from the link,
>>> this tool would not tell me WHERE the failed authentication attempts
>>> came from, right?
>>> Shouldn't there be an easy way to get this kind of info?
>> It should tell you the DC it came from. Do you need the the workstation?
More information about the samba