TEST RESULTS - (maybe we have a clue here)

Ilender Linux linux at ilender.com.pe
Thu Dec 14 14:44:50 GMT 2000 

Dear Mr. Anders:

I have checked both the log.nmb and the log.smb, and ONLY in log.nmb you see
some kind of activity when people try to authenticate (successfully or not).

Here you can see it:
_________________________________________________
NMB LOG:

[2000/12/14 09:24:14, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70)
  process_logon_packet: Logon from 172.16.4.32: code = 0x0
[2000/12/14 09:24:14, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70)
  process_logon_packet: Logon from 172.16.4.32: code = 0x0
[2000/12/14 09:24:17, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70)
  process_logon_packet: Logon from 172.16.4.32: code = 0x7

SMB LOG:

[2000/12/12 08:47:33, 1] smbd/server.c:main(641)
  smbd version 2.0.7 started.
  Copyright Andrew Tridgell 1992-1998
[2000/12/12 09:37:43, 1] smbd/server.c:main(641)
  smbd version 2.0.7 started.
  Copyright Andrew Tridgell 1992-1998
[2000/12/12 09:39:07, 1] smbd/server.c:main(641)
  smbd version 2.0.7 started.
_________________________________________________

As you can see here in the range of time, while LOG.NMB was logging a
successfully authentication from 172.16.4.32, LOG.SMB was doing nothing.

You might be right, I don´t know exactly how nmb and smb works, maybe nmb
doesnt authenticate, but what I am sure is the in log.nmb the successfull
and failed login attemps are registered. Maybe someone can explain me why...

I also read http://support.microsoft.com/support/kb/articles/Q189/1/01.ASP
document, but didnt find anything about the code = 0x0 and code = 0x7 that
log.nmb registers... what I found was how the bits in a data stream
determine whether a client is either a B node, P node or M node (kind of
information I get when doing an nmblookup) - it was VERY interesting and
educational (I love to learn) but it wasn´t what i was looking for...

thanks everybody for your help!!!... maybe we can find the cause of the
problem together! :o)

Greetings!

Jorge Sarmiento
Network Administrator
Ilender Peru S.A.
www.ilender.com.pe


----- Original Message -----
From: Anders C. Thorsen <anders at aae.wisc.edu>
To: Ilender Linux <linux at ilender.com.pe>
Cc: <samba-ntdom at us4.samba.org>
Sent: Wednesday, December 13, 2000 7:20 AM
Subject: Re: TEST RESULTS - (maybe we have a clue here)


> A general hint is that nmbd is the daemon responsible for browsing (i.e.
> similar to DNS. and can be a WINS server).
> Keep this in mind when looking at the log files.
>
> The smbd is the daemon responsible for the server itself,
> i.e. login to the server, thus also the autentication.
>
> What you see here is probably just the machine registering itself
> on the network with different netbios types.
> for general information on these flags, please see
> http://support.microsoft.com/support/kb/articles/Q189/1/01.ASP
>
> Note that browse (nmbd) activity is not authenticated.
>
> Also, _please_ read David Bannons FAQs on samba.org (yes, it's under
> Documentation)
>
> On Wed, Dec 13, 2000 at 06:33:10PM -0500, Ilender Linux wrote:
> > Hello everybody again!
> >
> > I have just made this test:
> >
> > I changed the IP address of a Windows box and tried to make login while
> > doing a tail -f /var/log/samba/log.nmb and, although the password was
> > correct, SAMBA didn´t accept the login until the third try. Here is the
log
> > of that test:
> >
> > [2000/12/13 18:23:25, 1]
nmbd/nmbd_processlogon.c:process_logon_packet(70)
> >   process_logon_packet: Logon from 172.16.4.209: code = 0x0
> > [2000/12/13 18:23:25, 1]
nmbd/nmbd_processlogon.c:process_logon_packet(70)
> >   process_logon_packet: Logon from 172.16.4.209: code = 0x0
> > [2000/12/13 18:23:51, 1]
nmbd/nmbd_processlogon.c:process_logon_packet(70)
> >   process_logon_packet: Logon from 172.16.4.209: code = 0x0
> > [2000/12/13 18:23:51, 1]
nmbd/nmbd_processlogon.c:process_logon_packet(70)
> >   process_logon_packet: Logon from 172.16.4.209: code = 0x0
> > [2000/12/13 18:24:45, 1]
nmbd/nmbd_processlogon.c:process_logon_packet(70)
> >   process_logon_packet: Logon from 172.16.4.209: code = 0x0
> > [2000/12/13 18:24:45, 1]
nmbd/nmbd_processlogon.c:process_logon_packet(70)
> >   process_logon_packet: Logon from 172.16.4.209: code = 0x0
> > [2000/12/13 18:24:51, 1]
nmbd/nmbd_processlogon.c:process_logon_packet(70)
> >   process_logon_packet: Logon from 172.16.4.209: code = 0x7
> >
> > Then I make a succefully login in another machine and got this log (in
> > log.nmb):
> >
> > [2000/12/13 18:26:13, 1]
nmbd/nmbd_processlogon.c:process_logon_packet(70)
> >   process_logon_packet: Logon from 172.16.4.204: code = 0x0
> > [2000/12/13 18:26:13, 1]
nmbd/nmbd_processlogon.c:process_logon_packet(70)
> >   process_logon_packet: Logon from 172.16.4.204: code = 0x0
> > [2000/12/13 18:26:19, 1]
nmbd/nmbd_processlogon.c:process_logon_packet(70)
> >   process_logon_packet: Logon from 172.16.4.204: code = 0x7
> >
> > That means that when a login is done correctly I have two code = 0x0
> > followed by a code = 0x7, and if a login fails we only have two code =
0x0
> > and no code = 0x7.
> >
> > Now, anyone can explain me what the code = 0x0 and code = 0x7 means and
what
> > could be the cause of my problem????
> >
> > Thanks everybody for your help!
> >
> > Jorge Sarmiento
>
> --Anders
>
> Anders C. Thorsen
> PGP Key: http://www.aae.wisc.edu/~anders/anders-pgp.asc
>
> ----------------------------------------
> Only two things are infinite.
> The universe and human stupidity.
> Although, I am unsure of the former.
>
> Albert Einstein

More information about the samba-ntdom mailing list