[Samba] Lagging failed login attempts
Simon Hobson
shobson-lists at colony.com
Mon Nov 22 11:59:37 GMT 2004
Paul Gienger wrote:
>>>It completely depends on your logging settings. Perhaps show your smb.conf global section so we can tell.
>>>In my setup, and from the looks of things around here, a lot of other peoples, is that there is a main log.smbd file and then also a log for each machine. Check in those if you are so configured. I'm sure we'll have better info for you once we see your globals.
>>>
>>>
>>
>>None of which are terribly useful or consice for loggin access attempts.
>>
>Then you aren't trying hard enough. I 'was' getting stuff like this in my logs all over the place
>
>check_ntlm_password: Authentication for user [training] -> [training] FAILED with error NT_STATUS_NO_SUCH_USER
>and
>check_ntlm_password: Authentication for user [cmcleod] -> [cmcleod] FAILED with error NT_STATUS_WRONG_PASSWORD
Well I don't see those - I DID look first !
>If that isn't a failed login then I don't know what is. Depending on your setup you'll see this in a machine specific file or the unified log file. Trolling through isn't that bad, if you do a grep for NT and then another grep for FAILED you'll get the machine it was coming from (in the file: section of grep) and probably the username (as above) and the reason it was failed (also above).
slox:/var/log/samba # ls -l
total 6662
drwxr-x--- 2 root root 648 2004-11-22 08:53 .
drwxr-xr-x 10 root root 7736 2004-11-20 00:15 ..
-rw-r--r-- 1 root root 516017 2004-11-22 08:53 log.nmbd
-rw-r--r-- 1 root root 31367 2004-05-21 00:15 log.nmbd-20040521.gz
-rw-r--r-- 1 root root 31987 2004-11-01 00:15 log.nmbd-20041101.gz
-rw-r--r-- 1 root root 41480 2004-11-05 00:15 log.nmbd-20041105.gz
-rw-r--r-- 1 root root 36204 2004-11-11 00:15 log.nmbd-20041111.gz
-rw-r--r-- 1 root root 40248 2004-11-18 00:15 log.nmbd-20041118.gz
-rw-r--r-- 1 root root 591783 2004-11-22 08:52 log.smbd
-rw-r--r-- 1 root root 39300 2004-05-28 00:15 log.smbd-20040528.gz
-rw-r--r-- 1 root root 46070 2004-11-01 00:15 log.smbd-20041101.gz
-rw-r--r-- 1 root root 44033 2004-11-02 00:15 log.smbd-20041102.gz
-rw-r--r-- 1 root root 55800 2004-11-03 00:15 log.smbd-20041103.gz
-rw-r--r-- 1 root root 55538 2004-11-04 00:15 log.smbd-20041104.gz
-rw-r--r-- 1 root root 38379 2004-11-06 00:15 log.smbd-20041106.gz
-rw-r--r-- 1 root root 38531 2004-11-11 00:15 log.smbd-20041111.gz
-rw-r--r-- 1 root root 51668 2004-11-18 00:15 log.smbd-20041118.gz
-rw-r--r-- 1 root root 5120229 2004-10-29 21:12 log.smbd.old
slox:/var/log/samba # grep FAILED *
slox:/var/log/samba # grep NT *
Binary file log.nmbd-20041101.gz matches
Binary file log.nmbd-20041118.gz matches
Binary file log.smbd-20041104.gz matches
Binary file log.smbd-20041106.gz matches
Binary file log.smbd-20041118.gz matches
slox:/var/log/samba #
This was after I'd deliberately done a failed login.
>If you're not seeing that, turn up your log level until you do. I don't think I've ever operated higher than 2 in production.
I still don't get failed login messages at log level 3.
I've changed the 'log file' parameter to log to individual machine files, and then did a bad login on my PC, this is what I got in the machine log file (on log level 2) :
slox:/var/log/samba # cat log.pc180-shobson
[2004/11/22 09:44:03, 0] rpc_server/srv_pipe.c:api_pipe_netsec_process(1318)
failed to decode PDU
[2004/11/22 09:44:03, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(504)
process_request_pdu: failed to do schannel processing.
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:ldap_open_connection(217)
ldap_open_connection: connection opened
[2004/11/22 09:44:03, 0] passdb/pdb_ldap.c:ldap_connect_system(316)
ldap_connect_system: Binding to ldap server as "uid=cyrus,dc=colony,dc=com"
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:ldap_connect_system(331)
ldap_connect_system: succesful connection to the LDAP server
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:ldap_search_one_user(343)
ldap_search_one_user: searching for:[(&(uid=pc180-shobson$)(objectclass=sambaAccount))]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [uid] = [pc180-shobson$]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:init_sam_from_ldap(576)
Entry found for user: pc180-shobson$
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [pwdLastSet] = [1098964404]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [logonTime] = [0]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [logoffTime] = [0]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [kickoffTime] = [0]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [pwdCanChange] = [0]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [pwdMustChange] = [0]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [cn] = [PC180-SHOBSON$]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(435)
get_single_attribute: [homeDrive] = [<does not exist>]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(435)
get_single_attribute: [smbHome] = [<does not exist>]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(435)
get_single_attribute: [scriptPath] = [<does not exist>]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(435)
get_single_attribute: [profilePath] = [<does not exist>]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [description] = [Windows Workstation pc180-shobson]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(435)
get_single_attribute: [userWorkstations] = [<does not exist>]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [rid] = [2001006]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [primaryGroupID] = [132069]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [lmPassword] = [xxx]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [ntPassword] = [x]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [acctFlags] = [[W ]]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:ldap_open_connection(217)
ldap_open_connection: connection opened
[2004/11/22 09:44:03, 0] passdb/pdb_ldap.c:ldap_connect_system(316)
ldap_connect_system: Binding to ldap server as "uid=cyrus,dc=colony,dc=com"
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:ldap_connect_system(331)
ldap_connect_system: succesful connection to the LDAP server
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:ldap_search_one_user(343)
ldap_search_one_user: searching for:[(&(uid=shobson)(objectclass=sambaAccount))]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [uid] = [shobson]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:init_sam_from_ldap(576)
Entry found for user: shobson
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [pwdLastSet] = [1086254073]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [logonTime] = [0]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [logoffTime] = [2147483647]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [kickoffTime] = [2147483647]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [pwdCanChange] = [0]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [pwdMustChange] = [2147483647]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [cn] = [Simon Hobson]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(435)
get_single_attribute: [homeDrive] = [<does not exist>]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(435)
get_single_attribute: [smbHome] = [<does not exist>]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(435)
get_single_attribute: [scriptPath] = [<does not exist>]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(435)
get_single_attribute: [profilePath] = [<does not exist>]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(435)
get_single_attribute: [description] = [<does not exist>]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(435)
get_single_attribute: [userWorkstations] = [<does not exist>]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [rid] = [2008]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [primaryGroupID] = [2023]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [lmPassword] = [xxx]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [ntPassword] = [xxx]
[2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [acctFlags] = [[U ]]
slox:/var/log/samba #
smbstatus reports : Samba version 2.2.8a-UL
and my globals are :
[global]
workgroup = CGC
netbios aliases = filestore CDJukebox
server string = Colony Main Server
encrypt passwords = Yes
map to guest = Bad User
username map = /etc/samba/smbusers
log level = 2
log file = /var/log/samba/log.%m
syslog = 0
time server = Yes
unix extensions = Yes
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
printcap name = CUPS
domain admin group = root admin administrator
add user script = /usr/sbin/addsmbmachine2ldap %m
logon script = logon.bat
logon path =
logon drive = H:
logon home =
domain logons = Yes
os level = 60
domain master = Yes
enhanced browsing = No
wins support = Yes
ldap port = 389
ldap suffix = dc=colony,dc=com
ldap admin dn = uid=cyrus,dc=colony,dc=com
ldap ssl = no
ldap del only sam attr = Yes
admin users = Administrator administrator ghostadmin
printing = cups
hide files = /desktop.ini/Desktop.ini/
Simon
--
Simon Hobson MA MIEE, Technology Specialist
Colony Gift Corporation Limited
Lindal in Furness, Ulverston, Cumbria, LA12 0LD
Tel 01229 461100, Fax 01229 461101
Registered in England No. 1499611
Regd. Office : 100 New Bridge Street, London, EC4V 6JA.
More information about the samba
mailing list