[Samba] Event log 4768 audit failure user root

lingpanda101 lingpanda101 at gmail.com
Tue Mar 27 17:05:05 UTC 2018

On 3/27/2018 11:45 AM, Tom via samba wrote:
> Hi there,
> I’m new to this mailing list but I have a special question to you.
> This older post https://lists.samba.org/archive/samba/2016-June/200271.html describes exactly my problem.
> In my case I do not upgraded the samba version. It is a fresh installation on a Ubuntu server box.
> The samba version is:  Version 4.3.11-Ubuntu
> The winbindd version is: Version 4.3.11-Ubuntu
> I use samba/winbindd to add the Ubuntu server through the MS ActiveDirectory.
> The linux server is used as a Squid Proxy with a keytab configuration. So there is no user login needed.
> It is also not needed to login with an AD user on the linux server.
> This configuration is working fine and with no problems.
> The only thing is, that every time the server starts or the service [winbind/samba] tries to re-authenticate with the domain controller,
> it produces the event 4768 in the active directory domain controllers.
> Is it possible to disable this functionality or to configure a dedicated AD user to run such Kerberos ticket requests instead of user root?
> Any idea / help is welcome.

I don't use a Squid proxy but you can try mapping root to Administrator.

Create the following file /etc/samba/user.map.  Add '!root = 
DOMAIN\Administrator DOMAIN\administrator' without quotes. In your 
smb.conf file add under [global] 'username map = /etc/samba/user.map' 
without quotes again.

Any reason to run such an old version of Samba? It's end of life.


More information about the samba mailing list