R: [Samba] unauthorized acess attempt
gianlucaculot at dmsware.com
Wed Dec 19 09:08:15 GMT 2007
Sorry for my late answer.
Your message went unseen and I got really busy with some urgent projects.
About my box (freebsd6 + samba + dovecot + postfix)
I'm building from ports, and as it is a production machine I'd like to let
it be managed by ports, as I usually run portupgrade to update the packages.
Anyway.... Are you sure it is a bug ?
This message is not generated at regular times, and not always near user
activity. I get A LOT of such a message even at full night, with no user
activity at all.
I suspect it is not a bug but a foreign user trying to gain access to my
mail server trying random passwords for a user.
BUT I CANNOT READ the account being tampered...
Maybe I could adjust the log level... But please consider this box manages
something like 5000 emails/day... I cannot rise the log level too much !
And I cannot put it in a "idle" state any way !
> -----Messaggio originale-----
> Da: Jeremy Allison [mailto:jra at samba.org]
> Inviato: venerdì 14 dicembre 2007 19.08
> A: Gianluca Culot
> Cc: 'Samba at Lists. Samba. Org'
> Oggetto: Re: [Samba] unauthorized acess attempt
> On Fri, Dec 14, 2007 at 04:26:13PM +0100, Gianluca Culot wrote:
> > Hello list
> > I'm facing a little security problem
> > I get A LOT (3 a minute) a such a message
> > mail dovecot-auth: pam_winbind(dovecot): request failed: No such
> > user, PAM error was unknown user (13), NT error was
> > NT_STATUS_NO_SUCH_USER
> > I'd like to know which is the user name used in such
> attempts How can
> > I get such info without raising log level to an inacceptable level
> > (which would cause my log file to explode !?! )
> This needs a patch I think. I'll look into this. Can you log
> a bug at bugzilla.samba.org please ?
> If you can build from source, I can send you something you
> can use quicker than waiting for an official release :-).
More information about the samba