R: [Samba] unauthorized acess attempt

Gianluca Culot gianlucaculot at dmsware.com
Wed Dec 19 09:08:15 GMT 2007


Hello Jeremy

Sorry for my late answer. 
Your message went unseen and I got really busy with some urgent projects.

About my box (freebsd6 + samba + dovecot + postfix)
samba-3.0.26a_2,1 
dovecot-1.0.7 
postfix-2.3.13,1

I'm building from ports, and as it is a production machine I'd like to let
it be managed by ports, as I usually run portupgrade to update the packages.

Anyway.... Are you sure it is a bug ?
This message is not generated at regular times, and not always near user
activity. I get A LOT of such a message even at full night, with no user
activity at all.
I suspect it is not a bug but a foreign user trying to gain access to my
mail server trying random passwords for a user. 
BUT I CANNOT READ the account being tampered... 

Maybe I could adjust the log level... But please consider this box manages
something like 5000 emails/day... I cannot rise the log level too much !
And I cannot put it in a "idle" state any way !

Thanks


> -----Messaggio originale-----
> Da: Jeremy Allison [mailto:jra at samba.org] 
> Inviato: venerdì 14 dicembre 2007 19.08
> A: Gianluca Culot
> Cc: 'Samba at Lists. Samba. Org'
> Oggetto: Re: [Samba] unauthorized acess attempt
> 
> On Fri, Dec 14, 2007 at 04:26:13PM +0100, Gianluca Culot wrote:
> > Hello list
> >  
> > I'm facing a little security problem
> >  
> > I get A LOT (3 a minute) a such a message
> >  
> >  mail dovecot-auth: pam_winbind(dovecot): request failed: No such 
> > user, PAM error was unknown user (13), NT error was 
> > NT_STATUS_NO_SUCH_USER
> > 
> > I'd like to know which is the user name used in such 
> attempts How can 
> > I get such info without raising log level to an inacceptable level 
> > (which would cause my log file to explode !?! )
> 
> This needs a patch I think. I'll look into this. Can you log 
> a bug at bugzilla.samba.org please ?
> 
> If you can build from source, I can send you something you 
> can use quicker than waiting for an official release :-).
> 
> Jeremy.
> 




More information about the samba mailing list