One domain user is locked out sometimes

nostromox · January 14, 2019, 7:55am

Hello,

1 user of our domain (UCS is the PDC) sometimes get locked out, after upgrade from UCS 4.1.x to 4.2-5:

root@ucserver:~# pdbedit -Lv grafiker
Unix username: grafiker
NT username:
Account Flags: [ULX ]
User SID: S-1-5-21-2902894301-3245935281-2313464785-1138
Primary Group SID: S-1-5-21-2902894301-3245935281-2313464785-513
Full Name: xxxxxx
Home Directory:
HomeDir Drive: (null)
Logon Script: SBS_LOGIN_SCRIPT.bat
Profile Path:
Domain:
Account desc:
Workstations:
Munged dial:
Logon time: Mo, 14 Jan 2019 08:04:43 CET
Logoff time: never
Kickoff time: Do, 14 Sep 30828 04:48:05 CEST
Password last set: Do, 10 Jan 2019 15:12:35 CET
Password can change: Do, 10 Jan 2019 15:12:35 CET
Password must change: Di, 19 Jan 2038 04:14:07 CET
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

With “pdbedit -c -u grafiker” i can re-enable logons with this user.

Where can i see why the lockout happens?
We don´t have set any password lockout policy, for information.

Thank you for helping me!!

nostromox · January 15, 2019, 8:49pm

No ideas? :-/

Thanks

externa1 · January 15, 2019, 9:37pm

the account flag “L” says the user is automatically locked - in normal this get set through entering wrong password too often if this is configured

maybe someone tries your account with wrong password ?

look at domain settings:
Auswahl_019

rg
Christian

nostromox · January 15, 2019, 11:29pm

Ok, my setting is:
Account lockout threshold (attempts): 50

Before i set this to 0 (=no lockout?), i would like to know which ip makes the bad logon attempts.
Where are these accesses logged? In log/auth.log i can’t find anything suspicious…

Best regards.

nostromox · January 15, 2019, 11:34pm

I have found this:

Is this the registry var “samba/debug/level”? I would try to set this to 2, or 3?