[Samba] log.samba: ntlm_password_check: Interactive logon: NT password check failed for user username
lists at merit.unu.edu
Tue Jul 18 12:56:41 UTC 2017
Is there a way with samba 4.6 to find out more details about these kinds
of failed passwords:
> ./log.samba: auth_check_password_recv: sam_ignoredomain authentication for user [DOMAIN\username] FAILED with error NT_STATUS_WRONG_PASSWORD
> ./log.samba: auth_check_password_send: Checking password for unmapped user [DOMAIN]\[username]@[(null)]
> ./log.samba: auth_check_password_send: mapped user is: [DOMAIN]\[username]@[(null)]
> ./log.samba: ntlm_password_check: Interactive logon: NT password check failed for user username
We usually had around 5-10 of these per hour, but since a few days we
are seeing a big increase of them.
They worry me, and I can't see where they come from.
"Interactive logon" means from an actual AD workstation, I guess? (so:
it's not an LDAP auth attempt or such?)
More information about the samba