[Samba] bad password lockout on 4.2.4
abartlet at samba.org
Thu Sep 24 19:05:50 UTC 2015
On Thu, 2015-09-24 at 09:03 +0200, mourik jan heupink wrote:
> Since two days, we upgraded from 4.1.17 to 4.2.4 (sernet, thanks!)
> everything went well, and we have now implemented the bad password
> lockout settings.
> We have some users now that complained twice that they cannot logon,
> indeed: their account was locked, unlocking did the job.
> But the question is: how can I find out more about the bad passwords
> that were provided? Thinks like at what time, from what ip address,
While with enough logging, you can work this out, it really isn't a
I actually made a proposal for a really good fix here, with both
improved logging (including those critical source IP/workstation
details) and a database to store the authentication failures in (so you
can search for them) to a client, but so far that hasn't proceeded.
> I can't find much in the DC's logs, though I guess that is where to
> look..? Is a certain minimum log level required perhaps?
> We have three dc's, one (separate) fileserver, one mail, and some
> services, all authenticating to our three dc's, so I guess those dc's
> would be the place to look...
I agree, it can be tricky.
Sorry this isn't as good as it should be, and best of luck chasing down
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba