smc+samba@dogphilosophy.net
2005-May-19 23:11 UTC
[Samba] Samba "spamming" Windows ADS server event logs with "pre-authentication failure"?
It appears that for some odd reason, all of the samba machines on our network are causing frequent "pre-authentication error" events for the machine name to clog the event logs on the "ActiveDirectory" server. What's strange is that everything otherwise appears to be working - users can connect to samba shares and authenticate to the ADS server, but the event logs on the ADS server (Windows 2000) gets a mess of Event 675's every few minutes, with the machine account identified as the "user" attempting to connect. kinit administrator@(DOMAIN).COM works fine. smbclient -k works fine. getent successfully pulls group info from the ActiveDirectory server. "net ads join" says it is updating the machine account entry successfully (in the process causing a whole slew of additional "pre-authentication failure" lines in the event logs again...). I haven't been able to figure out what's causing it. The fact that I don't quite understand what's going on between the Samba ADS member server and the ADS server itself doesn't help... Supposedly, the error is "wrong password" ("Pre-Authentication Type: 0x0 Failure Code 0x19"). Is the machine account's password screwed up such that I need to do something 'special' to fix it? This appears to be happening with Samba 3.0.9 (Suse 9.2 Pro), Samba 3.0.11 (Slackware), and Samba 3.0.15pre2 (Slackware). Any pointers regarding where to look for the problem would be much appreciated. If it helps, here's the smb.conf (sanitized for my protection...) # Global parameters [global] workgroup = WINDOMAIN realm = DOMAIN.COM server string = Samba Experimental security = ADS username map = /etc/samba/smbusers log file = /var/log/samba.%m max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = No wins server = 192.168.1.2, 192.168.1.7 idmap uid = 15000-20000 idmap gid = 15000-20000 template shell = /bin/bash winbind separator = + winbind use default domain = Yes hosts allow = 192.168.1., 127. use sendfile = Yes [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [test] comment = test drive path = /tmp/temp read only = No guest ok = Yes