Web lists-archives.com

Re: [Samba] logline of account becoming NT_STATUS_ACCOUNT_LOCKED_OUT




On Sat, 2017-12-02 at 20:21 +0100, mj wrote:
> Hi Andrew,
> 
> On 12/02/2017 07:20 PM, Andrew Bartlett via samba wrote:
> > I'm sorry, but while we do log it, the news isn't good.
> > 
> > 		DEBUG(5, ("Locked out user %s after %d wrong passwords\n",
> > 			  ldb_dn_get_linearized(user_msg->dn), badPwdCount));
> > 
> > That will show up with level 5 globally.
> 
> Ok, patches are difficult now, as we've sponsored quite a lot this year.
> 
> But would it also be an idea to move this to a (much) lower log level? 
> Perhaps even at 1 or 2?

Sure, and it (and a lot of other messages) needs to be in the auth
logging context, either with 

#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH

at the top of the file, or by using:

DEBUGC(DBGC_AUTH, ("message"))

where it is mixed with other things. 

Could you have a go with at least this much, even if you can't move it
into the auth_audit stuff where it belongs? 

Of course I could write all the patches, but in asking that you have a
go with the patches I'm looking to spread the load a little, and you
have the need and the real-world test. 
 
> Locking accounts is such a *major* event, and log level 5 is SO high...

I agree.

Andrew Bartlett
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba