Quantcast

Log Level and Failed Authentication Attempts

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Log Level and Failed Authentication Attempts

Samba - General mailing list
Hello Samba Friends,

For those of you who have had to sift through Samba logs for clues on how to determine what caused an account to lock after repeated failed logon attempts, what "log level" settings have you found to be most helpful?

Thanks,
Matthew

©2017 KNOCK, inc. All rights reserved. KNOCK is a registered trademark of KNOCK, inc. This message and any attachments contain information, which is confidential and/or privileged. If you are not the intended recipient, please refrain from any disclosure, copying, distribution or use of this information. Please be aware that such actions are prohibited. If you have received this transmission in error, kindly notify the sender by e-mail. Your cooperation is appreciated.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Log Level and Failed Authentication Attempts

Samba - General mailing list
Hey Samba Friends,

Maybe the below question is too general. How about this: I’ve set my "log level = auth:10" in the global parameters of my smb.conf file.

I then purposely failed to log into an account on my Windows 10 machine until the account was locked.

I’ve run the following command where x equals the syslog, the log.samba, log.smbd and log.winbindd, and username is the name of my test user account:

tail -n 3000 x | grep -A 1 username

Nothing appears.

Is it possible to get samba to log those failed attempts? If so, how, and in which file should I expect to see it?

Thanks,
Matthew

> On 2017.04.20, at 11:49 AM, Matthew Delfino via samba <[hidden email]> wrote:
>
> Hello Samba Friends,
>
> For those of you who have had to sift through Samba logs for clues on how to determine what caused an account to lock after repeated failed logon attempts, what "log level" settings have you found to be most helpful?
>
> Thanks,
> Matthew


©2017 KNOCK, inc. All rights reserved. KNOCK is a registered trademark of KNOCK, inc. This message and any attachments contain information, which is confidential and/or privileged. If you are not the intended recipient, please refrain from any disclosure, copying, distribution or use of this information. Please be aware that such actions are prohibited. If you have received this transmission in error, kindly notify the sender by e-mail. Your cooperation is appreciated.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Loading...