[Samba] bad password lockout on 4.2.4
Andrew Bartlett
abartlet at samba.org
Thu Sep 24 19:05:50 UTC 2015
On Thu, 2015-09-24 at 09:03 +0200, mourik jan heupink wrote:
> Hi,
>
> Since two days, we upgraded from 4.1.17 to 4.2.4 (sernet, thanks!)
> everything went well, and we have now implemented the bad password
> lockout settings.
>
> We have some users now that complained twice that they cannot logon,
> and
> indeed: their account was locked, unlocking did the job.
>
> But the question is: how can I find out more about the bad passwords
> that were provided? Thinks like at what time, from what ip address,
> etc,
> etc.
While with enough logging, you can work this out, it really isn't a
good situation.
I actually made a proposal for a really good fix here, with both
improved logging (including those critical source IP/workstation
details) and a database to store the authentication failures in (so you
can search for them) to a client, but so far that hasn't proceeded.
> I can't find much in the DC's logs, though I guess that is where to
> look..? Is a certain minimum log level required perhaps?
>
> We have three dc's, one (separate) fileserver, one mail, and some
> other
> services, all authenticating to our three dc's, so I guess those dc's
> would be the place to look...
I agree, it can be tricky.
Sorry this isn't as good as it should be, and best of luck chasing down
the lockouts!
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list