[Samba] Failed auth attempt i don't understand.
Rowland penny
rpenny at samba.org
Thu Oct 1 18:46:03 UTC 2020
On 01/10/2020 19:06, karel.de.macil at free.fr wrote:
> Le 01/10/2020 19:27, Rowland penny via samba a écrit :
>>
>> Is this on a DC or a Unix domain member ?
>
> this is a remote desktop attempt on a computer who is in the domain
> managed by the DC from which i get the log
I actually meant where the log came from.
>
>> Why are you using Administrator on Unix ?
>
> This is the default administrator account in samba4 but the behavior
> is the same with any account.
No, it is the default administrator in AD and as such, shouldn't be used
used as a normal user. Another question is, do you use the winbind 'ad'
backend anywhere in your network and have you added a uidNumber to
Administrator ?
>
>> Might help if we see your smb.conf
>
> [global]
> netbios name = DC-TEST
> realm = LOCAL.MYDOMAIN
> server role = active directory domain controller
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbind, ntp_signd, kcc, dnsupdate, dns
> workgroup = IETR
> idmap_ldb:use rfc2307 = yes
> dns forwarder = 129.20.128.39
> allow dns updates = nonsecure
> dns update command=/usr/sbin/samba_dnsupdate --use-samba-tool
> restrict anonymous = 2
> printcap name = /dev/null
> load printers = no
> disable spoolss = yes
> printing = bsd
> log level = 6
> #auth_audit:10@/var/log/samba/log.auth_audit
> disable netbios = yes
> smb ports = 445
> [netlogon]
> path = /var/lib/samba/sysvol/local.mydomain/scripts
> read only = No
> vfs objects = full_audit
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
> vfs objects = full_audit
By setting 'vfs objects = full_audit', you have turned off the default
vfs objects, if you are going to set a vfs object on a DC, set it like
this: vfs objects = dfs_samba4 acl_xattr full_audit
Rowland
More information about the samba
mailing list