Bug 11998 - include IP in the logs with failed authentication attempts
include IP in the logs with failed authentication attempts
Status: NEW
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB
4.4.4
All All
: P5 enhancement
: ---
Assigned To: Andrew Bartlett
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-06-26 13:37 UTC by heupink
Modified: 2016-06-26 13:37 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description heupink 2016-06-26 13:37:55 UTC
Currently failed auth requests are logged as:

auth_check_password_recv: sam_ignoredomain authentication for user [HPRS\thisuser] FAILED with error NT_STATUS_NO_SUCH_USER
auth_check_password_recv: sam_ignoredomain authentication for user [HPRS\thatuser] FAILED with error NT_STATUS_WRONG_PASSWORD

On the mailinglist the request to include the remote IP address has come up several times.

Jeremy Allision replied: "We should probably have something in the server that logs this as an official "event".

I filed this RFE by request of Jeremy Allision, see here:
https://lists.samba.org/archive/samba/2016-June/200714.html