[Samba] User accounts being blocked

Klaus Hartnegg hartnegg at uni-freiburg.de
Fri Aug 19 18:04:18 UTC 2016


Windows has some "features" which can create a lot of fake invalid logon 
attempts.

Windows remembers userids and passwords until logout, and whenever you 
want to access a protected share, it automatically first tries with 
stored passwords, before showing a password prompt.

If users are using local accounts (for example on their personal 
notebooks), and have a different username or password on the server, 
Windows will always first try to log in to the server with the local 
credentials.

Also, Windows remembers all shares that you ever used (unless you always 
connect with "net use share /user:xxx * /persistent:no", or you remove 
them with "net use share /delete"), and Windows tries to access all 
previously known shares many times, for example each time you open Explorer.

If you revoke a user's right to access a share which they previously 
used, and they do not specifically disconnect from it, Windows will keep 
trying many times per day to access it.

Maybe some users once clicked on "remember password", and later changed 
the password on the server. Now some of their devices (maybe a 
smartphone) silently keep trying with the old password.
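
A triage sketch for the patterns described in the message above, added here as an example and not part of the original post: it groups failed logons per client and account so the device behind a lockout can be found. The record layout, host names, label names and thresholds are assumptions; the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: (timestamp, account, client, NT status).
EVENTS = [
    # Local notebook credentials tried first, then the real server account.
    ("2016-08-19T08:00:01", "anna", "nb-anna", "NT_STATUS_NO_SUCH_USER"),
    ("2016-08-19T08:00:09", "amueller", "nb-anna", "NT_STATUS_OK"),
    # A device that keeps retrying a password changed on the server.
    ("2016-08-19T06:00:00", "bob", "phone-bob", "NT_STATUS_WRONG_PASSWORD"),
    ("2016-08-19T10:00:00", "bob", "phone-bob", "NT_STATUS_WRONG_PASSWORD"),
    ("2016-08-19T14:00:00", "bob", "phone-bob", "NT_STATUS_WRONG_PASSWORD"),
    # One client failing against several accounts: not a pattern from the post.
    ("2016-08-19T09:00:00", "carl", "pc-17", "NT_STATUS_WRONG_PASSWORD"),
    ("2016-08-19T09:00:02", "dora", "pc-17", "NT_STATUS_WRONG_PASSWORD"),
    ("2016-08-19T09:00:04", "emil", "pc-17", "NT_STATUS_WRONG_PASSWORD"),
]

def triage(events, grace=timedelta(seconds=30), many_accounts=3):
    """Return {(client, account): label} for every pair with failed logons."""
    ok_times = defaultdict(list)   # client -> times of successful logons
    failures = defaultdict(list)   # (client, account) -> times of failures
    targets = defaultdict(set)     # client -> accounts it failed against
    for ts, account, client, status in events:
        when = datetime.fromisoformat(ts)
        if status == "NT_STATUS_OK":
            ok_times[client].append(when)
        else:
            failures[(client, account)].append(when)
            targets[client].add(account)

    labels = {}
    for (client, account), times in failures.items():
        # Was every failure followed shortly by a success from the same client?
        followed = all(
            any(timedelta(0) <= ok - t <= grace for ok in ok_times[client])
            for t in times
        )
        if len(targets[client]) >= many_accounts:
            labels[(client, account)] = "many-accounts"            # review separately
        elif followed:
            labels[(client, account)] = "auto-try-before-prompt"   # stored/local credentials tried first
        elif len(times) >= 2:
            labels[(client, account)] = "stale-stored-credential"  # same device, same account, never succeeds
        else:
            labels[(client, account)] = "single-failure"
    return labels

if __name__ == "__main__":
    for pair, label in sorted(triage(EVENTS).items()):
        print(pair, label)
```
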


