[Samba] Event log 4768 audit failure user root
hurr1c4n.2011 at googlemail.com
Wed Mar 28 08:02:55 UTC 2018
first of all thanks for you answer.
I tried you suggestion with the user.map.
Unfortunately this does not solve the problem.
Each time I restart the smbd service, I got a new authentication request on my DC.
So the problem is located at the service itself.
Regarding the old / end of life version of the installed samba package.
I installed the package from the official Ubuntu repos. Do you think it could be a bug in this version?
> Am 27.03.2018 um 19:05 schrieb lingpanda101 <lingpanda101 at gmail.com>:
>> On 3/27/2018 11:45 AM, Tom via samba wrote:
>> Hi there,
>> I’m new to this mailing list but I have a special question to you.
>> This older post https://lists.samba.org/archive/samba/2016-June/200271.html describes exactly my problem.
>> In my case I do not upgraded the samba version. It is a fresh installation on a Ubuntu server box.
>> The samba version is: Version 4.3.11-Ubuntu
>> The winbindd version is: Version 4.3.11-Ubuntu
>> I use samba/winbindd to add the Ubuntu server through the MS ActiveDirectory.
>> The linux server is used as a Squid Proxy with a keytab configuration. So there is no user login needed.
>> It is also not needed to login with an AD user on the linux server.
>> This configuration is working fine and with no problems.
>> The only thing is, that every time the server starts or the service [winbind/samba] tries to re-authenticate with the domain controller,
>> it produces the event 4768 in the active directory domain controllers.
>> Is it possible to disable this functionality or to configure a dedicated AD user to run such Kerberos ticket requests instead of user root?
>> Any idea / help is welcome.
> I don't use a Squid proxy but you can try mapping root to Administrator.
> Create the following file /etc/samba/user.map. Add '!root = DOMAIN\Administrator DOMAIN\administrator' without quotes. In your smb.conf file add under [global] 'username map = /etc/samba/user.map' without quotes again.
> Any reason to run such an old version of Samba? It's end of life.
More information about the samba