eexodus
Dabbler
- Joined
- Aug 31, 2016
- Messages
- 39
I'm not sure if FreeNAS can offer any solutions since the issue is on Window's side, but I'm seeking advice. I have two FreeNAS servers bound to Active Directory and hosting SMB shares. Many of my users access these SMB shares from non-domain personal computers; connecting to FreeNAS with "domain\user". When users update their passwords in Active Directory this often triggers an SMB bruteforce attack alert from my Network Security team because Windows will continue trying the old password hundreds of times per second. Domain policy is the default account lockout after 8 failed attempts, but that obviously doesn't stop Credential Manager from trying from the client. The current solution is to help the user clear all saved credentials from Credential Manager and let Network Security know it was just an old cached login. Long-term this has become a drag. This isn't sane behavior from Windows. It mostly occurs with Windows 7 but I've seen it happen with Windows 10 as well. I simply never see this from Mac or Linux clients. With the issue only occurring on personal devices (local accounts) my options are limited but I'm hoping for suggestions!
Last edited: