[Samba] bad password lockout on 4.2.4
mourik jan heupink
heupink at merit.unu.edu
Fri Sep 25 08:08:34 UTC 2015
> While with enough logging, you can work this out, it really isn't a
> good situation.
Ok, I have set log level to 10, but still don't see IPs. Are there
additional logging options that I don't know about..?
> I actually made a proposal for a really good fix here, with both
> improved logging (including those critical source IP/workstation
> details) and a database to store the authentication failures in (so you
> can search for them) to a client, but so far that hasn't proceeded.
That would be super. Right there ON the DCs is THE place to keep this
info, rather than having to configure each and every client to log
failed attempts to whatever central location.
> I agree, it can be tricky.
>
> Sorry this isn't as good as it should be, and best of luck chasing down
> the lockouts!
But how difficult/much work would it be to just add something to Samba
to log at least the coming-from IP address?
(Your solution sounds perfect, but a major undertaking. A quick
improvement could be to at least log the coming-from IP address in the
DC log.)
MJ