The Samba-Bugzilla – Bug 11998
include IP in the logs with failed authentication attempts
Last modified: 2016-06-26 13:37:55 UTC
Currently failed auth requests are logged as:
auth_check_password_recv: sam_ignoredomain authentication for user [HPRS\thisuser] FAILED with error NT_STATUS_NO_SUCH_USER
auth_check_password_recv: sam_ignoredomain authentication for user [HPRS\thatuser] FAILED with error NT_STATUS_WRONG_PASSWORD
On the mailinglist the request to include the remote IP address has come up several times.
Jeremy Allision replied: "We should probably have something in the server that logs this as an official "event".
I filed this RFE by request of Jeremy Allision, see here: