[Samba] Lagging failed login attempts
Paul Gienger
pgienger at ae-solutions.com
Fri Nov 19 15:51:47 GMT 2004
Adam Tauno Williams wrote:
>>>Are failed client logins on the XP clients logged anywhere ?
>>>How about non-domain member clients accessing shares ?
>>>
>>>
>>It completely depends on your logging settings. Perhaps show your
>>smb.conf global section so we can tell.
>>In my setup, and from the looks of things around here, a lot of other
>>peoples, is that there is a main log.smbd file and then also a log for
>>each machine. Check in those if you are so configured. I'm sure we'll
>>have better info for you once we see your globals.
>>
>>
>
>None of which are terribly useful or consice for loggin access attempts.
>
>
Then you aren't trying hard enough. I 'was' getting stuff like this in
my logs all over the place
check_ntlm_password: Authentication for user [training] -> [training]
FAILED with error NT_STATUS_NO_SUCH_USER
and
check_ntlm_password: Authentication for user [cmcleod] -> [cmcleod]
FAILED with error NT_STATUS_WRONG_PASSWORD
If that isn't a failed login then I don't know what is. Depending on
your setup you'll see this in a machine specific file or the unified log
file. Trolling through isn't that bad, if you do a grep for NT and then
another grep for FAILED you'll get the machine it was coming from (in
the file: section of grep) and probably the username (as above) and the
reason it was failed (also above). If you're not seeing that, turn up
your log level until you do. I don't think I've ever operated higher
than 2 in production.
I also see lots of valid connection results, so if you want 'successful'
connections, it's in there too.
--
--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc.
Systems Architect Fax: 701-281-1322
URL: www.ae-solutions.com mailto: pgienger at ae-solutions.com
More information about the samba
mailing list