[Samba] Workstation authentication and authorization failed event
lingpanda101
lingpanda101 at gmail.com
Tue Mar 6 17:31:38 UTC 2018
Hello,
I've recently enabled authentication logging and it's been working well. Today I see a failure for a workstation.
Auth: [Kerberos KDC,ENC-TS Pre-authentication] user [(null)]\[pc-45 at DOMAIN.LOCAL] at [Tue, 06 Mar 2018 11:42:15.767915 EST] with [aes256-cts-hmac-sha1-96] status [NT_STATUS_WRONG_PASSWORD] workstation [(null)] remote host [ipv4:172.16.25.47:61738] mapped to [DOMAIN]\[PC-45]. local host [NULL]
In the past this was due to replication failure on a DC. However I'm not sure how to interpret this log. I would expect to see something like PC-45$@DOMAIN.LOCAL. Without the dollar sign it looks as if someone attempted to sign in locally with the username 'PC-45'. I'm in the early stages of investigation but am I correct in this thought process? Thanks.
--
--
James
More information about the samba
mailing list