[Samba] logline of account becoming NT_STATUS_ACCOUNT_LOCKED_OUT
Andrew Bartlett
abartlet at samba.org
Sat Dec 2 18:20:38 UTC 2017
On Sat, 2017-12-02 at 15:27 +0100, mj via samba wrote:
> Hi,
>
> I am trying to capture from the logs the moment that samba locks an
> account. (because of too many failed logon attempts)
>
> This is samba 4.7.2, with:
> > log level = 1 auth_audit:3
> We are using swatch to monitor the logs, and we would like to send an
> email notification when an account becomes NT_STATUS_ACCOUNT_LOCKED_OUT
>
> Does anyone know what log level for what 'component' is required, to get
> a samba to log the actual LOCK when it takes place?
I'm sorry, but while we do log it, the news isn't good.
DEBUG(5, ("Locked out user %s after %d wrong passwords\n",
ldb_dn_get_linearized(user_msg->dn), badPwdCount));
That will show up with level 5 globally.
Patches (with tests) to have it moved to the auth_audit infrastructure
would be most welcome :-)
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list