[Samba] Account lockouts caused by SAMBA + WinBind do not report "Caller Computer Name" in security audit

Eric Wheeler samba at lists.ewheeler.net
Mon Apr 9 17:49:59 UTC 2018

Hello all,

We are troubleshooting an issue that when SAMBA is joined to a Windows 
domain controller as a member server that has password failure lockouts 
configured, the Windows security auditing does not show the "Caller 
Computer Name" in the event ID generated (4740).

We are using Samba 4.6.2 from CentOS 7. We posted a Bugzilla at Red Hat 
here: https://bugzilla.redhat.com/show_bug.cgi?id=1563425

The Bugzilla request contains images showing the security audit issue.

Does anyone know what might cause this?

Eric Wheeler

More information about the samba mailing list