[Samba] bad password lockout on 4.2.4

mourik jan heupink heupink at merit.unu.edu
Thu Sep 24 13:51:37 UTC 2015

Hi James,

> Another option is to have these events forwarded to a Syslog. I have
> enabled a few workstations through GPO to process 'Audit account logon
> events'. When a user enters a bad password or username. The event is
> triggered and sent to the syslog.
> I did the above because of the exact issue you are facing. I was unable
> to easily find these events by grepping the samba log files.
ok that sounds interesting, and I'll take a good look at it.

But if I understand it correctly, that would give me an overview of 
windows domain workstation logons, and it would not include any failed 
ldap authentication events to our AD, and such, right?

Asking because I can trigger the same errors though an web ldap logon, 
so therefore I think it could be caused by *any* of our ldap enabled 
services. (these all talk to the same three dc's)

More information about the samba mailing list