[Samba] Event log 4768 audit failure user root

Tom hurr1c4n.2011 at googlemail.com
Tue Mar 27 15:45:55 UTC 2018

Hi there,
I’m new to this mailing list but I have a special question to you.
This older post https://lists.samba.org/archive/samba/2016-June/200271.html describes exactly my problem.
In my case I do not upgraded the samba version. It is a fresh installation on a Ubuntu server box.
The samba version is:  Version 4.3.11-Ubuntu
The winbindd version is: Version 4.3.11-Ubuntu
I use samba/winbindd to add the Ubuntu server through the MS ActiveDirectory.
The linux server is used as a Squid Proxy with a keytab configuration. So there is no user login needed.
It is also not needed to login with an AD user on the linux server.
This configuration is working fine and with no problems.
The only thing is, that every time the server starts or the service [winbind/samba] tries to re-authenticate with the domain controller,
it produces the event 4768 in the active directory domain controllers.
Is it possible to disable this functionality or to configure a dedicated AD user to run such Kerberos ticket requests instead of user root?
Any idea / help is welcome.

More information about the samba mailing list