Good afternoon. I'm having issues with one of the users in my samba AD (samba 4.10.8 compiled from source) which is constantly getting his account locked out. As I wrote in another message yesterday I'm trying to get debug info of the auth events but that isn't working so I just turned the whole log level up to 10 and grepping in the log files I can't find this users username except in some old entries not related to the current issue. What else could I try to debug the account lock out issue with this user? Thanks in advance! Best regards, David Wells.
On 30/10/2019 16:23, David Wells via samba wrote:> Good afternoon. > > I'm having issues with one of the users in my samba AD (samba 4.10.8 compiled from source) which is constantly getting his account locked out. As I wrote in another message yesterday I'm trying to get debug info of the auth events but that isn't working so I just turned the whole log level up to 10 and grepping in the log files I can't find this users username except in some old entries not related to the current issue. What else could I try to debug the account lock out issue with this user? > > Thanks in advance! > Best regards, > David Wells. >It sounds like something is trying to auth using an old password (email account ?), but the logging should work. I use this in [global] on a Samba 4.10.8 DC: log level = 1 auth_audit:2@/var/log/samba/auth.log This logs authentication failures to /var/log/samba/auth.log Rowland
Rowland, thank you very much for your response.
I modified the smb.conf file as instructed so that it has the following linelog
level = 1 auth:3 auth_audit:3@/var/log/samba/auth.log
and I executed the command smbcontrol all reload-config
I now have a file called /var/log/samba/auth.log. I have unlocked the users
account a couple of times and allways a couple of seconds later the account
locks out again and the auth.log file is still empty.
Thank you very much again.
Best regards,
David Wells.
El mi?rcoles, 30 de octubre de 2019 13:56:01 ART, Rowland penny via samba
<samba at lists.samba.org> escribi?:
On 30/10/2019 16:23, David Wells via samba wrote:> Good afternoon.
>
> I'm having issues with one of the users in my samba AD (samba 4.10.8
compiled from source) which is constantly getting his account locked out. As I
wrote in another message yesterday I'm trying to get debug info of the auth
events but that isn't working so I just turned the whole log level up to 10
and grepping in the log files I can't find this users username except in
some old entries not related to the current issue. What else could I try to
debug the account lock out issue with this user?
>
> Thanks in advance!
> Best regards,
> David Wells.
>
It sounds like something is trying to auth using an old password (email
account ?), but the logging should work. I use this in [global] on a
Samba 4.10.8 DC: log level = 1 auth_audit:2@/var/log/samba/auth.log
This logs authentication failures to /var/log/samba/auth.log
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions:? https://lists.samba.org/mailman/options/samba
I now modified the log level line of the smb.conf file to read what follows
log level = 1 auth_audit:5@/var/log/samba/auth.log
Now I'm getting logging in the auth.log file. However aI unlocked the users
account and again, after a couple of seconds the account was again locked out.
However I can't find this user's username in the log.
El mi?rcoles, 30 de octubre de 2019 13:56:01 ART, Rowland penny via samba
<samba at lists.samba.org> escribi?:
On 30/10/2019 16:23, David Wells via samba wrote:> Good afternoon.
>
> I'm having issues with one of the users in my samba AD (samba 4.10.8
compiled from source) which is constantly getting his account locked out. As I
wrote in another message yesterday I'm trying to get debug info of the auth
events but that isn't working so I just turned the whole log level up to 10
and grepping in the log files I can't find this users username except in
some old entries not related to the current issue. What else could I try to
debug the account lock out issue with this user?
>
> Thanks in advance!
> Best regards,
> David Wells.
>
It sounds like something is trying to auth using an old password (email
account ?), but the logging should work. I use this in [global] on a
Samba 4.10.8 DC: log level = 1 auth_audit:2@/var/log/samba/auth.log
This logs authentication failures to /var/log/samba/auth.log
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions:? https://lists.samba.org/mailman/options/samba
I now entered the incorrect password for my own account in a workstation and I
can't see in auth.log an event showing this
El mi?rcoles, 30 de octubre de 2019 13:56:01 ART, Rowland penny via samba
<samba at lists.samba.org> escribi?:
On 30/10/2019 16:23, David Wells via samba wrote:> Good afternoon.
>
> I'm having issues with one of the users in my samba AD (samba 4.10.8
compiled from source) which is constantly getting his account locked out. As I
wrote in another message yesterday I'm trying to get debug info of the auth
events but that isn't working so I just turned the whole log level up to 10
and grepping in the log files I can't find this users username except in
some old entries not related to the current issue. What else could I try to
debug the account lock out issue with this user?
>
> Thanks in advance!
> Best regards,
> David Wells.
>
It sounds like something is trying to auth using an old password (email
account ?), but the logging should work. I use this in [global] on a
Samba 4.10.8 DC: log level = 1 auth_audit:2@/var/log/samba/auth.log
This logs authentication failures to /var/log/samba/auth.log
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions:? https://lists.samba.org/mailman/options/samba