[Samba] gnome-screensaver and PAM
bmomartins at gmail.com
Fri Dec 30 09:07:46 MST 2011
On Fri, Dec 30, 2011 at 3:59 PM, Camaleón <noelamac at gmail.com> wrote:
> On Fri, 30 Dec 2011 10:48:42 +0000, Bruno Martins wrote:
>> I am having this problem, and it gets logged every second:
>> Dec 25 07:49:51 sputnik gnome-screensaver-dialog: pam_unix(gnome-screensaver:auth): authentication failure; logname= uid=1000 euid=1000 tty=:0.0 ruser= rhost= user=joe
>> Dec 25 07:49:51 sputnik gnome-screensaver-dialog: pam_winbind(gnome-screensaver:auth): getting password (0x00000388)
>> Dec 25 07:49:51 sputnik gnome-screensaver-dialog: pam_winbind(gnome-screensaver:auth): pam_get_item returned a password
>> Dec 25 07:49:51 sputnik gnome-screensaver-dialog: pam_winbind(gnome-screensaver:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
>> I have no idea what I can do to solve this.
> Does user "joe" exist in the system? :-?
>> My setup includes winbind authentication. May this be related?
> It can be "indirectly" related but I don't think winbind is generating
> those messages on its own... is it possible that the system can be
> accessed remotely (by means of VNC, SSH...)? The logs remind me of some
> kind of password dictionary attack.
User 'joe' exists as a local user, not as an AD user. This server is
accessed by SSH and also using xrdp.
My first thoughts were precisely that - an attack.
This is my nsswitch.conf file:
root@sputnik:~# cat /etc/nsswitch.conf
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: compat winbind
group: compat winbind
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
protocols: db files
services: db files
ethers: db files
rpc: db files
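
One way to triage the log lines quoted above, as an added example that is not part of the original post: group pam_unix authentication failures by PAM service, tty and rhost, so that failures raised on a local display with an empty rhost are listed separately from failures that carry a remote host. The first sample line is copied from the post; the other lines, the sshd entries and the address 192.0.2.10 are constructed for contrast, and the function names are hypothetical.

```python
import re
from collections import Counter

# Sample input: line 1 is from the post, the remaining lines are constructed.
SAMPLE = """\
Dec 25 07:49:51 sputnik gnome-screensaver-dialog: pam_unix(gnome-screensaver:auth): authentication failure; logname= uid=1000 euid=1000 tty=:0.0 ruser= rhost= user=joe
Dec 25 07:49:52 sputnik gnome-screensaver-dialog: pam_unix(gnome-screensaver:auth): authentication failure; logname= uid=1000 euid=1000 tty=:0.0 ruser= rhost= user=joe
Dec 25 07:50:01 sputnik sshd[4242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10  user=root
Dec 25 07:50:03 sputnik sshd[4243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10  user=admin
"""

# Matches the pam_unix failure record and captures the PAM service name
# plus the trailing "key=value" fields (logname, uid, tty, rhost, user...).
FAIL_RE = re.compile(
    r"pam_unix\((?P<service>[^:)]+):auth\): authentication failure; (?P<fields>.*)$"
)

def parse_failure(line):
    """Return the fields of a pam_unix auth failure line, or None for other lines."""
    m = FAIL_RE.search(line)
    if m is None:
        return None
    fields = {"service": m.group("service")}
    for token in m.group("fields").split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value  # empty values such as "rhost=" stay empty
    return fields

def summarize(log_text):
    """Count failures per (service, tty, origin); origin is rhost or 'local'."""
    counts, users = Counter(), {}
    for line in log_text.splitlines():
        f = parse_failure(line)
        if f is None:
            continue
        key = (f["service"], f.get("tty", ""), f.get("rhost") or "local")
        counts[key] += 1
        users.setdefault(key, set()).add(f.get("user", ""))
    return {
        k: {"failures": n, "users": sorted(users[k]), "remote": k[2] != "local"}
        for k, n in counts.items()
    }

if __name__ == "__main__":
    for key, info in summarize(SAMPLE).items():
        print(key, info)
```

An empty rhost only means the PAM service did not report a remote host, so the "local" bucket is a starting point for triage rather than proof of origin.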