[Samba] bad password lockout on 4.2.4

Andrew Bartlett abartlet at samba.org
Thu Sep 24 19:05:50 UTC 2015

On Thu, 2015-09-24 at 09:03 +0200, mourik jan heupink wrote:
> Hi,
> Since two days, we upgraded from 4.1.17 to 4.2.4 (sernet, thanks!) 
> everything went well, and we have now implemented the bad password 
> lockout settings.
> We have some users now that complained twice that they cannot logon,
> and 
> indeed: their account was locked, unlocking did the job.
> But the question is: how can I find out more about the bad passwords 
> that were provided? Thinks like at what time, from what ip address,
> etc, 
> etc.

While with enough logging, you can work this out, it really isn't a
good situation.  

I actually made a proposal for a really good fix here, with both
improved logging (including those critical source IP/workstation
details) and a database to store the authentication failures in (so you
can search for them) to a client, but so far that hasn't proceeded.  

> I can't find much in the DC's logs, though I guess that is where to 
> look..? Is a certain minimum log level required perhaps?
> We have three dc's, one (separate) fileserver, one mail, and some
> other 
> services, all authenticating to our three dc's, so I guess those dc's
> would be the place to look...

I agree, it can be tricky.

Sorry this isn't as good as it should be, and best of luck chasing down
the lockouts!

Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list