MCCALL,DON (HP-USA,ex1)
2002-May-29 05:53 UTC
[Samba] annoying authentication failure problem: sambatest[hostname]
Hi Toni,

This error is the result of a test that samba does in the module "server_validate", (in password.c) to check the password server for a bug where NT 4 (some versions) would not correctly set the guest bit.
There is currently no smb.conf parameter to allow you to control this behavior, so to change it, you would need to actually hack the password.c module to disable it.
Not difficult, but you would leave yourself open to a security hole, if the password server you are using (esp. if you have password server=* set in smb.conf) gets one of the versions of NT that has the bug after you have removed this protection.
Most of us don't have control over our NT domains, so we can't guarantee this won't happen - thus our 'paranoia' in the code we CAN control ;->.

Hope this helps,
Don

-----Original Message-----
From: toni.niemi@swisslog.com [mailto:toni.niemi@swisslog.com]
Sent: Wednesday, May 29, 2002 6:09
To: samba@lists.samba.org
Subject: [Samba] annoying authentication failure problem: sambatest[hostname]

Hello,

I have a little problem which appeared when I installed first 2.2 generation sambaserver on linux and same effect when updated 2.0.3 to 2.2.2 on hp-ux.

The actual problem is that my security servers log (NT4 server) gets failure message every time someone connects to samba share which is quite log and it gets frustrating to search real information from logs when this failure message fills log. Fortunately the service works fine and this problem is transparent to a user but bothers administration...

If someone would have a tip to remove this feature it will be highly appreciated.

about authentication settings
security=server
password server=[NT4 servername] which is also pdc

the error message from nt eventviewer security log:

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 29.5.2002
Time: 12:32:50
User: NT AUTHORITY\SYSTEM
Computer: [COMPUTERNAME]
Description: Logon Failure:
Reason: Unknown user name or bad password
User Name: SAMBATEST[SAMBASERVERNAME]
Domain: CIMCORP
Logon Type: 3
Logon Process: KSecDD
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: \\[SAMBASERVERNAME]

Best regards,
Toni Niemi

--
To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Andrew Bartlett
2002-May-29 07:11 UTC
[Samba] annoying authentication failure problem: sambatest[hostname]
"MCCALL,DON (HP-USA,ex1)" wrote:> > Hi Toni, > This error is the result of a test that samba does in the module > "server_validate", (in password.c) to check the password server for a bug > where NT 4 (some versions) would not correctly set the guest bit. > There is currently no smb.conf parameter to allow you to control this > behavior, so to change it , you would need to actually hack the password.c > module to disable it. > Not difficult, but you would leave yourself open to a security hole, if the > password server you are using (esp. if you have password server=* set in > smb.conf) gets one of the versions of NT that has the bug after you have > removed this protection. > Most of us don't have control over our NT domains, so we can't guarantee > this won't happen - thus our 'paranoia' in the code we CAN control ;->. > Hope this helps, > DonThe only other thing to remember is that if you are running NT domains, you really should use 'security=domain'. Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net