I've just installed Samba 2.2.3a on AIX 5.2. We're using a NT password server to authenticate username/password. Our NT guru's are complaining that there're seeing several authentication failures events with an account called "sambatest" which is not a valid userid on our site. It looks like some type of polling that Samba is doing. This is part of the errors they are seeing: Logon Failure: Reason: Unknown user name or bad password User Name: sambatestHOSTNAME Domain: OURDOMAIN In my smb.conf file I'm using: security = SERVER How can we stop these errors from occurring? We are getting a login screen to login to the network and when we try we get the same message over and over. Georges's Inc. 402 W. Robinson Springdale, AR 72764 ( 479-927-7134 2 479-927-7101 * rrafiee@georgesinc.com <mailto:rrafiee@georgesinc.com>
Andrew Bartlett
2004-Feb-17 10:42 UTC
security=server has many failings (was: Re: [Samba] Any help will be great. THX.)
On Tue, 2004-02-17 at 09:30, reza.rafiee@GEORGESINC.COM wrote:> I've just installed Samba 2.2.3a on AIX 5.2. We're using a NT password > server to authenticate username/password. Our NT guru's are complaining > that there're seeing several authentication failures events with an account > called "sambatest" which is not a valid userid on our site. It looks like > some type of polling that Samba is doing. > > This is part of the errors they are seeing: > > Logon Failure: > Reason: Unknown user name or bad password > User Name: sambatestHOSTNAME > Domain: OURDOMAIN > > In my smb.conf file I'm using: > > security = SERVER > > How can we stop these errors from occurring? > > > We are getting a login screen to login to the network and when we try we get > the same message over and over.Some versions of NT are prone to allowing any user to log in, no matter what the password. This is fine for NT, as it knows the user is just a guest, but we can't tell, so 'security=server' fails. So we check, and clock up the bad logins. Instead, you should set 'security=domain' and join the domain per the documentation (smbpasswd -j -Uadministrator -r PDC should do that) This uses the native NT logon protocols, which don't suffer from this kind of bug. Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20040217/181566c7/attachment.bin
Seemingly Similar Threads
- config php,per & cgi in apache
- sorting ascending descending! & THX@coling
- follow-up to thread : Acces to hypervisor from a KVM guest, ( by the way , how to enter a follow up in a thread ?) Thx
- Fwd: I need help with an R function! Thx!
- Samba4 PDC to Samba4 DC works great, Win2003 PDC to Samba4 DC not so great