What bothers me is that samba is filling up my log files with a lot of extraneous/fake entries about authentication failures. "Extraneous/fake" - because all it is is a reflection of the way the protocol actually tries to login - going through the upper/lower case mutations as configured.

sample log entries:
-----------------------
Jun 30 19:40:35 dolphin PAM_pwdb[26988]: 1 authentication failure; (uid=0) -> root for samba service
Jun 30 19:40:36 dolphin last message repeated 4 times
--------------------------------

Is there any way to have samba only log the really failed logins? (i.e. only if the password actually never matched - in any of these mutations that are automatically tried on a single connect)

I really do want to use PAM - because of its otherwise tight and nice integration with the operating system.

What and where can I change this behaviour?

BTW I am running samba-1.9.17p4 on Redhat 4.2, but I don't think the problem has changed even in 1.9.18p8 (at least not according to a colleague that I checked with)

On Thu, 2 Jul 1998, Urs Rau wrote:

> What bothers me is that samba is filling up my log files with a lot of
> extraneous/fake entries about authentication failures. "Extraneous/fake" -
> because all it is is a reflection of the way the protocol actually tries to login -
> going through the upper/lower case mutations as configured.
>
> sample log entries:
> -----------------------
> Jun 30 19:40:35 dolphin PAM_pwdb[26988]: 1 authentication failure; (uid=0) -> root for samba service
> Jun 30 19:40:36 dolphin last message repeated 4 times
> --------------------------------
>
> Is there any way to have samba only log the really failed logins? (i.e.
> only if the password actually never matched - in any of these mutations
> that are automatically tried on a single connect)
>
> I really do want to use PAM - because of its otherwise tight and nice integration
> with the operating system.
>
> What and where can I change this behaviour?

This can't be fixed in samba. samba does not log the password stuff, pam does.

As I understand it, to fix this (a HUGE problem, considering the number of linux/samba boxes there are out there), you would need to move the "password level" stuff down into PAM_pwdb. For someone who knows the code, I wouldn't think that would be a HUGE problem. I don't know the code :-(

Charlie Brady - Telstra  | internet: cbrady@ind.tansu.com.au
Network Products         | Snail   : Locked Bag 6581, GPO Sydney 2001 Australia
Platform Technologies    | Physical: Lvl 2, 175 Liverpool St, Sydney 2000
IN-Sub Unit - Sydney     | Phone: +61 2 9206 3470 Fax: +61 2 9281 1301

Luke Kenneth Casson Leighton
1998-Jul-02 17:41 UTC
disable "fake" samba authentication error messages
On Thu, 2 Jul 1998, Charlie Brady wrote:

> On Thu, 2 Jul 1998, Urs Rau wrote:
>
> > What bothers me is that samba is filling up my log files with a lot of
> > extraneous/fake entries about authentication failures. "Extraneous/fake" -
> > because all it is is a reflection of the way the protocol actually tries to login -
> > going through the upper/lower case mutations as configured.

This is due to the Windows machines forcing the password to be uppercased. A cracking algorithm is applied, which can be short-circuited by asking your users to only use lower case letters in passwords. This will still allow numbers and non-numeric characters but may still not satisfy the truly paranoid.

The alternative is to use encrypted passwords, and maintain the UNIX and NT / LM password databases separately: there are tools to do this.

Luke
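
A simplified model of the case-mutation retries discussed in this thread, added here as an example; it is not code from any poster or from the Samba source. The try order (password as received, then all lowercase, then up to `level` letters uppercased), the function names and the sample passwords are assumptions; each candidate that misses stands for one PAM "authentication failure" line.

```python
from itertools import combinations


def case_candidates(received, level):
    """Ordered, de-duplicated strings tried for one login (assumed order)."""
    lowered = received.lower()
    tried = [received]                      # 1. exactly what the client sent
    if lowered != received:
        tried.append(lowered)               # 2. all lowercase
    letters = [i for i, ch in enumerate(lowered) if ch.isalpha()]
    # 3. every variant with 1..level letters uppercased
    for n in range(1, min(level, len(letters)) + 1):
        for positions in combinations(letters, n):
            chars = list(lowered)
            for i in positions:
                chars[i] = chars[i].upper()
            cand = "".join(chars)
            if cand not in tried:
                tried.append(cand)
    return tried


def failures_logged(received, stored, level):
    """Return (failure_lines, matched) for a single connect.

    The string comparison stands in for the PAM check; every candidate
    that misses before the match would be logged as a failure.
    """
    failures = 0
    for cand in case_candidates(received, level):
        if cand == stored:
            return failures, True
        failures += 1
    return failures, False


if __name__ == "__main__":
    # Constructed sample: the client has uppercased the password to "SECRET".
    for stored in ("secret", "Secret", "seCret", "SeCret"):
        print(stored, failures_logged("SECRET", stored, level=1))
```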