[Samba] Strange winbindd situation
George.Lenzer at cpl.org
Wed Dec 11 16:37:01 GMT 2002
I set up winbindd last week on my Linux workstation. So far it's been
working just fine and I've been enjoying the benefits of being able to
connect to it with my NT user account. However, last week I noticed
that there were two or three new NT users in my '/home/winnt/DOMAIN'
directory that I *HADN'T* logged into this system with. I chalked it up
to a potential virus or worm infection so I had those three users run
their antivirus scanners. They turned up clean, so I then suspected
some kind of spyware or trojan. Anyway... I deleted the new home
directories for those users and didn't think about it again until
today. I only did this since I decided I'd better check since my
smb.log file as it was pretty big this morning. Well... it looks like I
am getting multiple connection attempts from different machines within
and outside of my NT domain (We have one way trusts with our other
domains). So... my questions are:
-What would cause these connections?
-Something malicious, or just a quirk with the clients?
-As far as I can tell, these clients all seem to be Win2K and XP. Is
this something natural to those clients? Maybe they search for shares
and this results in logons?
Anyone else seen this before?
More information about the samba