[Samba] gnome-screensaver and PAM

Bruno Martins bmomartins at gmail.com
Fri Dec 30 09:07:46 MST 2011


On Fri, Dec 30, 2011 at 3:59 PM, Camaleón <noelamac at gmail.com> wrote:
> On Fri, 30 Dec 2011 10:48:42 +0000, Bruno Martins wrote:
>
>> I am having this problem, and it gets logged every second:
>>
>> Dec 25 07:49:51 sputnik gnome-screensaver-dialog: pam_unix(gnome-screensaver:auth): authentication failure; logname= uid=1000 euid=1000 tty=:0.0 ruser= rhost= user=joe
>> Dec 25 07:49:51 sputnik gnome-screensaver-dialog: pam_winbind(gnome-screensaver:auth): getting password (0x00000388)
>> Dec 25 07:49:51 sputnik gnome-screensaver-dialog: pam_winbind(gnome-screensaver:auth): pam_get_item returned a password
>> Dec 25 07:49:51 sputnik gnome-screensaver-dialog: pam_winbind(gnome-screensaver:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
>
> (...)
>
>> I have no idea what I can do to solve this.
>
> Does user "joe" exist in the system? :-?
>
>> My setup includes winbind authentication. May this be related?
>
> It can be "indirectly" related but I don't think winbind is generating
> those messages on its own... is it possible that the system can be
> accessed remotely (by means of VNC, SSH...)? The logs remind me of some
> kind of password dictionary attack.
>
> Greetings,
>
> --
> Camaleón
>

User 'joe' exists as a local user, not as an AD user. This server is
accessed by SSH and also using xrdp.

My first thoughts were precisely that - an attack.

This is my nsswitch.conf file:
root@sputnik:~# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat  winbind
group:          compat  winbind
shadow:         compat

hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

Best regards,

Bruno Martins
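
A triage sketch for log lines like those quoted above, added here as an example and not part of the original thread: it groups pam_unix failures by PAM service, origin (rhost, or the X display in tty when rhost is empty) and user, and counts pam_winbind NTSTATUS results. The sample input is constructed from the quoted format; the sshd line and its 192.0.2.10 address are made up for contrast.

```python
import re
from collections import Counter

# Constructed sample: three lines modelled on the thread's log excerpt, plus
# one made-up sshd line (documentation address) to show a remote origin.
SAMPLE = """\
Dec 25 07:49:51 sputnik gnome-screensaver-dialog: pam_unix(gnome-screensaver:auth): authentication failure; logname= uid=1000 euid=1000 tty=:0.0 ruser= rhost= user=joe
Dec 25 07:49:51 sputnik gnome-screensaver-dialog: pam_winbind(gnome-screensaver:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
Dec 25 07:49:52 sputnik gnome-screensaver-dialog: pam_unix(gnome-screensaver:auth): authentication failure; logname= uid=1000 euid=1000 tty=:0.0 ruser= rhost= user=joe
Dec 25 07:50:03 sputnik sshd[4242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10 user=joe
"""

PAM = re.compile(r"(?P<module>pam_\w+)\((?P<service>[^:)]+):auth\): (?P<msg>.*)")
KV = re.compile(r"(\w+)=(\S*)")          # value may be empty, e.g. "rhost="
NTSTATUS = re.compile(r"NTSTATUS: (\w+)")


def triage(text):
    """Return (pam_unix failures, pam_winbind statuses) as Counters."""
    failures, winbind = Counter(), Counter()
    for line in text.splitlines():
        m = PAM.search(line)
        if not m:
            continue
        msg = m["msg"]
        if m["module"] == "pam_unix" and msg.startswith("authentication failure"):
            f = dict(KV.findall(msg))
            rhost, tty = f.get("rhost", ""), f.get("tty", "")
            # Empty rhost with an X display in tty: the prompt was a dialog
            # inside a desktop session, not a network login service.
            origin = rhost or ("x-display" if tty.startswith(":") else "local")
            failures[(m["service"], origin, f.get("user", ""))] += 1
        elif m["module"] == "pam_winbind":
            nt = NTSTATUS.search(msg)
            if nt:  # lines without an NTSTATUS (e.g. "getting password") are skipped
                winbind[(m["service"], nt.group(1))] += 1
    return failures, winbind


if __name__ == "__main__":
    fails, wb = triage(SAMPLE)
    for key, n in fails.most_common():
        print(n, *key)
    for key, n in wb.most_common():
        print(n, *key)
```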

