[Samba] Machine Login
Nelson Vale
nelsonduvall at gmail.com
Tue May 5 21:28:21 GMT 2009
Hi all,
In my system, samba (3.0.34) is configured as PDC with an LDAP backend and
has some user and machine accounts, and it all works fine. But recently I've
found out that if I remove one machine account from the LDAP server user
logins into the domain from that machine are still possible, even if the
machine login verification fails:
"...
[2009/05/05 19:34:47, 2] passdb/pdb_ldap.c:init_sam_from_ldap(545)
init_sam_from_ldap: Entry found for user: test
[2009/05/05 19:34:47, 2] auth/auth.c:check_ntlm_password(309)
check_ntlm_password: authentication for user [test] -> [test] -> [test]
succeeded
[2009/05/05 19:34:52, 1] smbd/service.c:make_connection_snum(1033)
vmvista (192.168.100.198) connect to service netlogon initially as user
test (uid=1507, gid=1000) (pid 27646)
[2009/05/05 19:35:00, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242)
get_md4pw: Workstation VMVISTA$: no account in domain
[2009/05/05 19:35:00, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(461)
_net_auth2: failed to get machine password for account VMVISTA$:
NT_STATUS_ACCESS_DENIED
[2009/05/05 19:35:06, 1] smbd/service.c:close_cnum(1230)
vmvista (192.168.100.198) closed connection to service netlogon
[2009/05/05 19:36:40, 2] smbd/sesssetup.c:setup_new_vc_session(1214)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2009/05/05 19:36:40, 2] smbd/sesssetup.c:setup_new_vc_session(1214)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2009/05/05 19:36:40, 2] lib/smbldap.c:smbldap_open_connection(786)
smbldap_open_connection: connection opened
[2009/05/05 19:36:41, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242)
get_md4pw: Workstation VMVISTA$: no account in domain
[2009/05/05 19:36:41, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(461)
..."
Is there a way to prevent users logins from machines that have been removed
from system?
Nelson Vale
More information about the samba
mailing list