R: [Samba] unauthorized acess attempt

Gianluca Culot gianlucaculot at dmsware.com
Wed Dec 19 09:08:15 GMT 2007

Hello Jeremy

Sorry for my late answer. 
Your message went unseen and I got really busy with some urgent projects.

About my box (freebsd6 + samba + dovecot + postfix)

I'm building from ports, and as it is a production machine I'd like to let
it be managed by ports, as I usually run portupgrade to update the packages.

Anyway.... Are you sure it is a bug ?
This message is not generated at regular times, and not always near user
activity. I get A LOT of such a message even at full night, with no user
activity at all.
I suspect it is not a bug but a foreign user trying to gain access to my
mail server trying random passwords for a user. 
BUT I CANNOT READ the account being tampered... 

Maybe I could adjust the log level... But please consider this box manages
something like 5000 emails/day... I cannot rise the log level too much !
And I cannot put it in a "idle" state any way !


> -----Messaggio originale-----
> Da: Jeremy Allison [mailto:jra at samba.org] 
> Inviato: venerdì 14 dicembre 2007 19.08
> A: Gianluca Culot
> Cc: 'Samba at Lists. Samba. Org'
> Oggetto: Re: [Samba] unauthorized acess attempt
> On Fri, Dec 14, 2007 at 04:26:13PM +0100, Gianluca Culot wrote:
> > Hello list
> >  
> > I'm facing a little security problem
> >  
> > I get A LOT (3 a minute) a such a message
> >  
> >  mail dovecot-auth: pam_winbind(dovecot): request failed: No such 
> > user, PAM error was unknown user (13), NT error was 
> > 
> > I'd like to know which is the user name used in such 
> attempts How can 
> > I get such info without raising log level to an inacceptable level 
> > (which would cause my log file to explode !?! )
> This needs a patch I think. I'll look into this. Can you log 
> a bug at bugzilla.samba.org please ?
> If you can build from source, I can send you something you 
> can use quicker than waiting for an official release :-).
> Jeremy.

More information about the samba mailing list