[Samba] bad password lockout on 4.2.4

mourik jan heupink heupink at merit.unu.edu
Fri Sep 25 08:08:34 UTC 2015

> While with enough logging, you can work this out, it really isn't a
> good situation.
Ok, I have set log level to 10, but still don't see IPs. Are there
additional logging options that I don't know about..?

> I actually made a proposal for a really good fix here, with both
> improved logging (including those critical source IP/workstation
> details) and a database to store the authentication failures in (so you
> can search for them) to a client, but so far that hasn't proceeded.
That would be super. Right there ON the DCs is THE place to keep this
info, rather than having to configure each and every client to log
failed attempts to whatever central location.

> I agree, it can be tricky.
> Sorry this isn't as good as it should be, and best of luck chasing down
> the lockouts!

But how difficult/much work would it be to just add something to samba
to log at least the coming-from IP address?

(Your solution sounds perfect, but a major undertaking. A quick
improvement could be to at least log the coming-from IP address in the
DC log.)

