I was hoping to set up fail2ban to block IP addresses that generate too many Samba password failures, but it needs a syslog message with the IP address of the computer that failed password authentication.
Unfortunately, Samba doesn't seem to do this in my environment. Here's a sample error message: smbd[312]: smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User brutus ! I tried turning on full_audit, and I see the audit messages for successful connections, but there aren't any audit messages for login failures. I used these settings: full_audit:failure = connect full_audit:success = connect disconnect full_audit:facility = local5 full_audit:priority = notice Can Samba be configured to log authentication errors with IP addresses? Or do we need to change the source? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba