Re: sambatest$HOSTNAME

 
SOLVED
Geoff Wild
Honored Contributor

sambatest$HOSTNAME

I have several Samba servers (HP CIFS as well as a couple on AIX), all running 2.2.8a.

The Windows admins want to know why they keep getting bad login attempts in their event log:

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 01.6.2004
Time: 06:56:15
User: NT AUTHORITY\SYSTEM
Computer: DOMAINBDC
Logon Failure:
Reason: Unknown user name or bad password
User Name: SAMBATEST$HOSTNAME
Domain: MYDOMAIN
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM

This is even happening on a server that is NOT a DC - one which connects to a samba share.

Typical smb.conf:

# Global parameters
[global]
workgroup = $MYDOMAIN
netbios name = $HOSTNAME
netbios aliases = somealias
server string = Samba Server 2.2.8a
security = SERVER
encrypt passwords = Yes
password server = DC1, DC2, DC3
username map = /etc/opt/samba/username.map
log level = 2
syslog = 0
log file = /var/opt/samba/log.%m
max log size = 10000
keepalive = 0
load printers = No
show add printer wizard = No
preferred master = No
local master = No
domain master = No
wins server = PCANS01
valid users = user1, user2, etc
read only = No
create mask = 0664
force create mode = 0664
directory mask = 0775
short preserve case = No
dos filetime resolution = Yes

[data]
comment = Data
path = /app/data/
hide files = /logs/archive/diskcache/errors/

Any ideas as to how to stop this?

I googled and found a post from Jeremy Allison of the Samba Team that states:

The code was changed in Samba to do this. The reason is that some versions of NT when used as a password server have a *terrible* bug. They allow a user to be connected as guest *BUT THEN FAILS TO SET THE PROTOCOL BIT THAT SPECIFIES A GUEST CONNECT WAS DONE* !!

Apparently, this happened way back in 1998....

Anyone have a way to stop the events without compromising security?

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
3 REPLIES
Geoff Wild
Honored Contributor

Re: sambatest$HOSTNAME

Ping!

Still having this issue....

Anyone have any ideas?

Rgds...Geoff
Solution

Re: sambatest$HOSTNAME

Geoff,

The only way to stop this behavior would be to use something other than 'server' level security. When you use server level security, as you have in your smb.conf file, Samba does this login to check for the potential security bug that the Windows server may have. If you switched from server to domain level the Samba server does not do this security check, and the failed logins would not occur. Using domain level security means you would actually have to have the Samba server "join" the domain, as a member server, but it would get rid of the messages you are seeing.
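
For admins who have to leave security = SERVER in place, the probe logons described above can at least be separated from real failures when reviewing the Security log. The following is an added example, not part of the original thread and not Samba or HP code: it parses events exported as text in the layout quoted in the question and counts the probe events per Samba host. The function names, the export layout and the sample host and user names are assumptions.

```python
import re
from collections import Counter

# User name format from the event on this page; the suffix is assumed to be
# the Samba server's NetBIOS name (the page shows it as $HOSTNAME).
PROBE = re.compile(r"^SAMBATEST\$(?P<host>\S+)$", re.IGNORECASE)

def parse_events(text):
    """Split blank-line separated event records into dicts of 'Key: value'."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if fields:
            events.append(fields)
    return events

def probe_host(event):
    """Return the Samba host if every field matches the probe, else None."""
    match = PROBE.match(event.get("User Name", ""))
    if (match and event.get("Event ID") == "529"
            and event.get("Logon Type") == "3"
            and event.get("Authentication Package") == "NTLM"):
        return match.group("host").upper()
    return None

def triage(text):
    """Count probe events per Samba host; return the rest for review."""
    probes, review = Counter(), []
    for event in parse_events(text):
        host = probe_host(event)
        if host:
            probes[host] += 1
        else:
            review.append(event)
    return probes, review

def _record(user, logon_type="3"):  # builds one constructed sample event
    return (f"Event ID: 529\nComputer: DOMAINBDC\nUser Name: {user}\n"
            f"Domain: MYDOMAIN\nLogon Type: {logon_type}\n"
            "Authentication Package: NTLM\n")

# Constructed sample: host and user names below are made up.
SAMPLE = "\n".join(_record(u, t) for u, t in [
    ("SAMBATEST$FILESRV1", "3"), ("SAMBATEST$AIXSMB2", "3"),
    ("jsmith", "3"), ("SAMBATEST$FILESRV1", "3"), ("SAMBATEST$FILESRV1", "2")])

if __name__ == "__main__":
    probes, review = triage(SAMPLE)
    print(dict(probes), [e["User Name"] for e in review])
```

Only events that match on every field are counted as probes; a 529 for the same user name with a different logon type stays in the review list instead of being filtered out.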
Geoff Wild
Honored Contributor

Re: sambatest$HOSTNAME

Keith, thanks for the reply - I figured that security=DOMAIN would stop it - but wasn't too sure.

Unfortunately, I don't think the NT group will allow me to play in their sandbox :)

Rgds...Geoff