[Samba] Re: Log files created for every machine not joined to the domain...

Matt Anderson sokkerstud_11 at hotmail.com
Mon Aug 20 22:39:08 GMT 2007


> I can not think of any right now. You may want to check some of these
> logs to see what they are trying to access.
> 
> John

Well, in most cases, it looks like an authentication is being attempted, like
the following (full context below):
...
[2007/08/20 07:28:09, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password:  Checking password for unmapped user
[COMPUTER-NAME]\[USERNAME]@[COMPUTER-NAME] with the new password interface
[2007/08/20 07:28:09, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password:  mapped user is: [OURDOMAIN]\[USERNAME]@[COMPUTER-NAME]
...
[2007/08/20 07:28:09, 3] auth/auth_sam.c:check_sam_security(264)
  check_sam_security: Couldn't find user 'USERNAME' in passdb.
[2007/08/20 07:28:09, 3] auth/auth_winbind.c:check_winbind_security(80)
  check_winbind_security: Not using winbind, requested domain [OURDOMAIN] was
for this SAM.
[2007/08/20 07:28:09, 2] auth/auth.c:check_ntlm_password(317)
  check_ntlm_password:  Authentication for user [USERNAME] -> [USERNAME] FAILED
with error NT_STATUS_NO_SUCH_USER

-Matt





[2007/08/20 07:28:09, 3] smbd/process.c:process_smb(1087)
  Transaction 1 of length 137
[2007/08/20 07:28:09, 3] smbd/process.c:switch_message(886)
  switch message SMBnegprot (pid 27394) conn 0x0
[2007/08/20 07:28:09, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/08/20 07:28:09, 3] smbd/negprot.c:reply_negprot(486)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[2007/08/20 07:28:09, 3] smbd/negprot.c:reply_negprot(486)
  Requested protocol [LANMAN1.0]
[2007/08/20 07:28:09, 3] smbd/negprot.c:reply_negprot(486)
  Requested protocol [Windows for Workgroups 3.1a]
[2007/08/20 07:28:09, 3] smbd/negprot.c:reply_negprot(486)
  Requested protocol [LM1.2X002]
[2007/08/20 07:28:09, 3] smbd/negprot.c:reply_negprot(486)
  Requested protocol [LANMAN2.1]
[2007/08/20 07:28:09, 3] smbd/negprot.c:reply_negprot(486)
  Requested protocol [NT LM 0.12]
[2007/08/20 07:28:09, 3] smbd/negprot.c:reply_nt1(357)
  using SPNEGO
[2007/08/20 07:28:09, 3] smbd/negprot.c:reply_negprot(579)
  Selected protocol NT LM 0.12
[2007/08/20 07:28:09, 3] smbd/process.c:process_smb(1087)
  Transaction 2 of length 240
[2007/08/20 07:28:09, 3] smbd/process.c:switch_message(886)
  switch message SMBsesssetupX (pid 27394) conn 0x0
[2007/08/20 07:28:09, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/08/20 07:28:09, 3] smbd/sesssetup.c:reply_sesssetup_and_X(822)
  wct=12 flg2=0xc807
[2007/08/20 07:28:09, 2] smbd/sesssetup.c:setup_new_vc_session(772)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old
resources.
[2007/08/20 07:28:09, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(633)
  Doing spnego session setup
[2007/08/20 07:28:09, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(664)
  NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1]
PrimaryDomain=[]
[2007/08/20 07:28:09, 3] smbd/sesssetup.c:reply_spnego_negotiate(525)
  Got OID 1 3 6 1 4 1 311 2 2 10
[2007/08/20 07:28:09, 3] smbd/sesssetup.c:reply_spnego_negotiate(528)
  Got secblob of size 40
[2007/08/20 07:28:09, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0xe2088297
[2007/08/20 07:28:09, 3] smbd/process.c:process_smb(1087)
  Transaction 3 of length 288
[2007/08/20 07:28:09, 3] smbd/process.c:switch_message(886)
  switch message SMBsesssetupX (pid 27394) conn 0x0
[2007/08/20 07:28:09, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/08/20 07:28:09, 3] smbd/sesssetup.c:reply_sesssetup_and_X(822)
  wct=12 flg2=0xc807
[2007/08/20 07:28:09, 2] smbd/sesssetup.c:setup_new_vc_session(772)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old
resources.
[2007/08/20 07:28:09, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(633)
  Doing spnego session setup
[2007/08/20 07:28:09, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(664)
  NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1]
PrimaryDomain=[]
[2007/08/20 07:28:09, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(662)
  Got user=[] domain=[] workstation=[COMPUTER-NAME] len1=1 len2=0
[2007/08/20 07:28:09, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2007/08/20 07:28:09, 3] smbd/uid.c:push_conn_ctx(393)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2007/08/20 07:28:09, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2007/08/20 07:28:09, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/08/20 07:28:09, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password:  Checking password for unmapped user
[]\[]@[COMPUTER-NAME] with the new password interface
[2007/08/20 07:28:09, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password:  mapped user is: [OURDOMAIN]\[]@[COMPUTER-NAME]
[2007/08/20 07:28:09, 3] auth/auth.c:check_ntlm_password(268)
  check_ntlm_password: guest authentication for user [] succeeded
[2007/08/20 07:28:09, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338)
  NTLMSSP Sign/Seal - Initialising with flags:
[2007/08/20 07:28:09, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0x60088235
[2007/08/20 07:28:09, 3] smbd/password.c:register_vuid(257)
  User name: nobody	Real name: nobody
[2007/08/20 07:28:09, 3] smbd/password.c:register_vuid(276)
  UNIX uid 65534 is UNIX user nobody, and will be vuid 101
[2007/08/20 07:28:09, 3] smbd/process.c:process_smb(1087)
  Transaction 4 of length 86
[2007/08/20 07:28:09, 3] smbd/process.c:switch_message(886)
  switch message SMBtconX (pid 27394) conn 0x0
[2007/08/20 07:28:09, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/08/20 07:28:09, 3] smbd/service.c:make_connection_snum(495)
  Connect path is '/var/tmp' for service [IPC$]
[2007/08/20 07:28:09, 3] lib/util_seaccess.c:se_access_check(250)
[2007/08/20 07:28:09, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-5-21-1353595730-3054078111-0123456789-501
  se_access_check: also S-1-5-21-1353595730-3054078111-0123456789-514
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-32-546
  se_access_check: also S-1-5-21-1353595730-3054078111-0123456789-132067
  se_access_check: also S-1-5-21-1353595730-3054078111-0123456789-132069
[2007/08/20 07:28:09, 3] smbd/vfs.c:vfs_init_default(216)
  Initialising default vfs hooks
[2007/08/20 07:28:09, 3] lib/util_seaccess.c:se_access_check(250)
[2007/08/20 07:28:09, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-5-21-1353595730-3054078111-0123456789-501
  se_access_check: also S-1-5-21-1353595730-3054078111-0123456789-514
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-32-546
  se_access_check: also S-1-5-21-1353595730-3054078111-0123456789-132067
  se_access_check: also S-1-5-21-1353595730-3054078111-0123456789-132069
[2007/08/20 07:28:09, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0
[2007/08/20 07:28:09, 3] smbd/service.c:make_connection_snum(700)
  COMPUTER-NAME (192.1.70.21) connect to service IPC$ initially as user nobody
(uid=65534, gid=65533) (pid 27394)
[2007/08/20 07:28:09, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/08/20 07:28:09, 3] smbd/reply.c:reply_tcon_and_X(708)
  tconX service=IPC$ 
[2007/08/20 07:28:09, 3] smbd/process.c:process_smb(1087)
  Transaction 5 of length 132
[2007/08/20 07:28:09, 3] smbd/process.c:switch_message(886)
  switch message SMBtrans (pid 27394) conn 0x803aec30
[2007/08/20 07:28:09, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0
[2007/08/20 07:28:09, 3] smbd/ipc.c:reply_trans(539)
  trans <\PIPE\LANMAN> data=0 params=36 setup=0
[2007/08/20 07:28:09, 3] smbd/ipc.c:named_pipe(334)
  named pipe command on <LANMAN> name
[2007/08/20 07:28:09, 3] smbd/lanman.c:api_reply(3670)
  Got API command 104 of form <WrLehDz> <B16BBDz>
(tdscnt=0,tpscnt=36,mdrcnt=4200,mprcnt=8)
[2007/08/20 07:28:09, 3] smbd/lanman.c:api_reply(3674)
  Doing NetServerEnum
[2007/08/20 07:28:09, 3] smbd/lanman.c:api_RNetServerEnum(1349)
  NetServerEnum domain = OURDOMAIN uLevel=1 counted=3 total=3
[2007/08/20 07:28:09, 3] smbd/process.c:process_smb(1087)
  Transaction 6 of length 43
[2007/08/20 07:28:09, 3] smbd/process.c:switch_message(886)
  switch message SMBulogoffX (pid 27394) conn 0x0
[2007/08/20 07:28:09, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/08/20 07:28:09, 3] smbd/reply.c:reply_ulogoffX(1606)
  ulogoffX vuid=101
[2007/08/20 07:28:09, 3] smbd/process.c:process_smb(1087)
  Transaction 7 of length 39
[2007/08/20 07:28:09, 3] smbd/process.c:switch_message(886)
  switch message SMBtdis (pid 27394) conn 0x803aec30
[2007/08/20 07:28:09, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/08/20 07:28:09, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/08/20 07:28:09, 3] smbd/service.c:close_cnum(892)
  COMPUTER-NAME (192.1.70.21) closed connection to service IPC$
[2007/08/20 07:28:09, 3] smbd/connection.c:yield_connection(69)
  Yielding connection to IPC$
[2007/08/20 07:28:09, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/08/20 07:28:09, 3] smbd/process.c:timeout_processing(1340)
  timeout_processing: End of file from client (client has disconnected).
[2007/08/20 07:28:09, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/08/20 07:28:09, 2] smbd/server.c:exit_server(614)
  Closing connections
[2007/08/20 07:28:09, 3] smbd/connection.c:yield_connection(69)
  Yielding connection to 
[2007/08/20 07:28:09, 3] smbd/server.c:exit_server(655)
  Server exit (normal exit)
[2007/08/20 07:28:09, 3] smbd/process.c:process_smb(1087)
  Transaction 1 of length 137
[2007/08/20 07:28:09, 3] smbd/process.c:switch_message(886)
  switch message SMBnegprot (pid 27395) conn 0x0
[2007/08/20 07:28:09, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/08/20 07:28:09, 3] smbd/negprot.c:reply_negprot(486)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[2007/08/20 07:28:09, 3] smbd/negprot.c:reply_negprot(486)
  Requested protocol [LANMAN1.0]
[2007/08/20 07:28:09, 3] smbd/negprot.c:reply_negprot(486)
  Requested protocol [Windows for Workgroups 3.1a]
[2007/08/20 07:28:09, 3] smbd/negprot.c:reply_negprot(486)
  Requested protocol [LM1.2X002]
[2007/08/20 07:28:09, 3] smbd/negprot.c:reply_negprot(486)
  Requested protocol [LANMAN2.1]
[2007/08/20 07:28:09, 3] smbd/negprot.c:reply_negprot(486)
  Requested protocol [NT LM 0.12]
[2007/08/20 07:28:09, 3] smbd/negprot.c:reply_nt1(357)
  using SPNEGO
[2007/08/20 07:28:09, 3] smbd/negprot.c:reply_negprot(579)
  Selected protocol NT LM 0.12
[2007/08/20 07:28:09, 3] smbd/process.c:process_smb(1087)
  Transaction 2 of length 240
[2007/08/20 07:28:09, 3] smbd/process.c:switch_message(886)
  switch message SMBsesssetupX (pid 27395) conn 0x0
[2007/08/20 07:28:09, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/08/20 07:28:09, 3] smbd/sesssetup.c:reply_sesssetup_and_X(822)
  wct=12 flg2=0xc807
[2007/08/20 07:28:09, 2] smbd/sesssetup.c:setup_new_vc_session(772)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old
resources.
[2007/08/20 07:28:09, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(633)
  Doing spnego session setup
[2007/08/20 07:28:09, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(664)
  NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1]
PrimaryDomain=[]
[2007/08/20 07:28:09, 3] smbd/sesssetup.c:reply_spnego_negotiate(525)
  Got OID 1 3 6 1 4 1 311 2 2 10
[2007/08/20 07:28:09, 3] smbd/sesssetup.c:reply_spnego_negotiate(528)
  Got secblob of size 40
[2007/08/20 07:28:09, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0xe2088297
[2007/08/20 07:28:09, 3] smbd/process.c:process_smb(1087)
  Transaction 3 of length 382
[2007/08/20 07:28:09, 3] smbd/process.c:switch_message(886)
  switch message SMBsesssetupX (pid 27395) conn 0x0
[2007/08/20 07:28:09, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/08/20 07:28:09, 3] smbd/sesssetup.c:reply_sesssetup_and_X(822)
  wct=12 flg2=0xc807
[2007/08/20 07:28:09, 2] smbd/sesssetup.c:setup_new_vc_session(772)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old
resources.
[2007/08/20 07:28:09, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(633)
  Doing spnego session setup
[2007/08/20 07:28:09, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(664)
  NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1]
PrimaryDomain=[]
[2007/08/20 07:28:09, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(662)
  Got user=[USERNAME] domain=[COMPUTER-NAME] workstation=[COMPUTER-NAME] len1=24
len2=24
[2007/08/20 07:28:09, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2007/08/20 07:28:09, 3] smbd/uid.c:push_conn_ctx(393)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2007/08/20 07:28:09, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2007/08/20 07:28:09, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/08/20 07:28:09, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password:  Checking password for unmapped user
[COMPUTER-NAME]\[USERNAME]@[COMPUTER-NAME] with the new password interface
[2007/08/20 07:28:09, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password:  mapped user is: [OURDOMAIN]\[USERNAME]@[COMPUTER-NAME]
[2007/08/20 07:28:09, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2007/08/20 07:28:09, 3] smbd/uid.c:push_conn_ctx(393)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2007/08/20 07:28:09, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2007/08/20 07:28:09, 2] lib/smbldap.c:smbldap_open_connection(724)
  smbldap_open_connection: connection opened
[2007/08/20 07:28:09, 3] lib/smbldap.c:smbldap_connect_system(926)
  ldap_connect_system: succesful connection to the LDAP server
[2007/08/20 07:28:09, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/08/20 07:28:09, 3] auth/auth_sam.c:check_sam_security(264)
  check_sam_security: Couldn't find user 'USERNAME' in passdb.
[2007/08/20 07:28:09, 3] auth/auth_winbind.c:check_winbind_security(80)
  check_winbind_security: Not using winbind, requested domain [OURDOMAIN] was
for this SAM.
[2007/08/20 07:28:09, 2] auth/auth.c:check_ntlm_password(317)
  check_ntlm_password:  Authentication for user [USERNAME] -> [USERNAME] FAILED
with error NT_STATUS_NO_SUCH_USER
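
Added example, not part of the original post: one way to triage these per-machine logs is to rejoin the wrapped lines into records and pair each NTLM attempt with the outcome logged after it. The function names are hypothetical, the header pattern assumes the log format quoted above, and the sample is constructed from lines in this post with its placeholders kept.

```python
import re

# Record header as it appears in the logs quoted in this post.
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), +(\d+)\] \S+:(\w+)\(\d+\)\s*$")
ATTEMPT = re.compile(r"Checking password for unmapped user \[(.*?)\]\\\[(.*?)\]@\[(.*?)\]")
GUEST = re.compile(r"guest authentication for user \[.*?\] succeeded")
FAILED = re.compile(r"Authentication for user \[.*?\] -> \[.*?\] FAILED with error (\w+)")

# Constructed sample: lines taken in form from the post, placeholders kept.
SAMPLE = r"""
[2007/08/20 07:28:09, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password:  Checking password for unmapped user
[]\[]@[COMPUTER-NAME] with the new password interface
[2007/08/20 07:28:09, 3] auth/auth.c:check_ntlm_password(268)
  check_ntlm_password: guest authentication for user [] succeeded
[2007/08/20 07:28:09, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password:  Checking password for unmapped user
[COMPUTER-NAME]\[USERNAME]@[COMPUTER-NAME] with the new password interface
[2007/08/20 07:28:09, 3] auth/auth_sam.c:check_sam_security(264)
  check_sam_security: Couldn't find user 'USERNAME' in passdb.
[2007/08/20 07:28:09, 2] auth/auth.c:check_ntlm_password(317)
  check_ntlm_password:  Authentication for user [USERNAME] -> [USERNAME] FAILED
with error NT_STATUS_NO_SUCH_USER
"""

def records(text):
    """Return (time, level, function, message) with wrapped lines rejoined."""
    recs = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:  # strict match: wrapped continuation lines may also start with '['
            recs.append([m.group(1), int(m.group(2)), m.group(3), []])
        elif recs:
            recs[-1][3].extend(line.split())
    return [(ts, lvl, fn, " ".join(words)) for ts, lvl, fn, words in recs]

def auth_events(text):
    """Pair each NTLM attempt with the outcome logged after it."""
    events = []
    for ts, _lvl, _fn, msg in records(text):
        if m := ATTEMPT.search(msg):
            events.append({"time": ts, "domain": m.group(1), "user": m.group(2),
                           "workstation": m.group(3), "outcome": "unknown"})
        elif events and GUEST.search(msg):
            events[-1]["outcome"] = "guest"
        elif events and (m := FAILED.search(msg)):
            events[-1]["outcome"] = m.group(1)
    return events
```

An empty user and domain with outcome "guest" is the anonymous session the client opens first; the named attempt that follows carries the machine's local account and fails with the NT status shown in the log.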





