[Samba] User accounts being blocked

James Crouch jcrouch at decisionanalyst.com
Fri Aug 19 18:04:56 UTC 2016 

Ricardo,
I am very sure this is a bug that has a fix in the 4.5rc version of Samba.
I am not having any luck finding the bug page for this though though.

You can increase the log levels to 4 (I think) or greater to see what is
happening. I set my log level to 10 when I investigated this, but that
generates a huge amount of info to shift through.

>From what I understand, after attempting to authenticate on a Windows
workstation the workstation sends a authentication request to the Samba
server. Windows then expects a certain reply from the Samba server. If
Windows does not see the reply it wants, then the workstation sends the
request again. If there was a bad password entered during authentication
request, then Samba would see multiple bad password attempts coming from
the workstation and would lock the account out after it reaches the lockout
threshold.

I wanted a lockout threshold of 3 on my systems, so I ended up setting this
to 6 since it seems to increase the bad password count by 2 on average for
each bad password attempt on my systems. I have seen it increase the bad
password count by up to 4 for a single bad password attempt though.
Thanks,
-James Crouch

On Fri, Aug 19, 2016 at 12:21 PM, Ricardo Pardim Claus via samba <
samba at lists.samba.org> wrote:

>
>
> Dear,
> I've been noticing that constantly, some user accounts has been repeatedly
> blocked.
> We use DC Samba 4.4.5.
>
> Here we have a blocking policy, if the wrong password is entered more than
> 5 times. But most users say they do not screwed up the password. They
> perform the log at the beginning of working hours. After a while, they
> block the session and when they try to log on again, the message of blocked
> account.
>
> The same thing happened with two users who work with me. And today I
> experienced the problem, rebooted my desktop when I perform logon, I
> received the message that the account was blocked.
> We perform other test. We managed to block an account with only 3 attempts
> to wrong password.
>
> Someone can tell me where I can check the Samba logs the account lockout
> reason?
>
> We performed a search on all machines and servers, the search for malware,
> but nothing was found.
>
> Thank you!
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list