[Samba] two log.samba failed password questions
mj
lists at merit.unu.edu
Thu Jul 13 09:37:48 UTC 2017
Hi,
Just trying to understand my logs, hence two short questions:
#1, from log.samba:
> ntlm_password_check: Interactive logon: NT password check failed for user username
Does "Interactive logon" mean: someone using a workstation to logon? Or
could it also be an ldap authentication attempt?
#2, from log.samba:
> [2017/07/12 13:54:00.638116, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Looking for PKINIT pa-data -- p2560$@samba.company.com
> [2017/07/12 13:54:00.638128, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Looking for ENC-TS pa-data -- p2560$@samba.company.com
> [2017/07/12 13:54:00.638168, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Failed to decrypt PA-DATA -- p2560$@samba.company.com (enctype arcfour-hmac-md5) error Decrypt integrity check failed
> [2017/07/12 13:54:00.651892, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Failed to decrypt PA-DATA -- p2560$@samba.company.com
This happens mostly for this workstation p2560$, but also occasionally
also for some users.
BTW We're very much looking forward to samba 4.7, for the improved
authentication logging! :-)
MJ
More information about the samba
mailing list