[Samba] audit logging

Edouard Guigné eguigne at pasteur-cayenne.fr
Wed Jul 24 15:52:35 UTC 2019

I ask because I would like to be reassured about it, because there are 
so many entries of this type in my logs.

The windows workstations are joined to the domain.
At users sessions log on, a script mounts the samba share on each 
windows users sessions.

I do not understand why a workstation joined to the domain tries to auth 
against samba ;
because only domain users can auth successfully against my samba server.


Le 24/07/2019 à 11:46, Rowland penny via samba a écrit :
> On 24/07/2019 15:31, Edouard Guigné via samba wrote:
>> Hello,
>> I have set up audit logging and I find many entries of this type :
>> ./auth/auth_log.c:760(log_authentication_event_human_readable) Auth: 
>> [SMB2,(null)] user [MYDOMAIN]\[MYWORKSTATION$] at [mar., 23 juil. 
>> 2019 07:49:43.486619 -03] with [NTLMv2] status 
>> [NT_STATUS_NO_SUCH_USER] workstation [MYWORKSTATION] remote host 
>> [ipv4:10.x.x.x:49472] mapped to [MYDOMAIN]\[MYWORKSTATION$]. local host
>> What does it mean ?
> I would have thought that this was obvious, a computer has connected 
> to the domain, you are aware that a computer is just a user with an 
> extra objectclass and extra attributes ?
> Rowland

More information about the samba mailing list