[Samba] Failed auth attempt i don't understand.
karel.de.macil at free.fr
karel.de.macil at free.fr
Thu Oct 1 19:47:46 UTC 2020
Le 01/10/2020 20:46, Rowland penny via samba a écrit :
> On 01/10/2020 19:06, karel.de.macil at free.fr wrote:
>> Le 01/10/2020 19:27, Rowland penny via samba a écrit :
>>>
>>> Is this on a DC or a Unix domain member ?
>>
>> this is a remote desktop attempt on a computer who is in the domain
>> managed by the DC from which i get the log
> I actually meant where the log came from.
The log commes from the samba 4 DC of the domain.
>>
>>> Why are you using Administrator on Unix ?
>>
>> This is the default administrator account in samba4 but the behavior
>> is the same with any account.
>
> No, it is the default administrator in AD and as such, shouldn't be
> used used as a normal user. Another question is, do you use the
> winbind 'ad' backend anywhere in your network and have you added a
> uidNumber to Administrator ?
for winbind, i'm not sur if i'm using it..
for the administrator and his uidNumber :
and ldbsearch -H /root/sambackup/private/sam.ldb CN=administrator | grep
uidNumber
--> uidNumber: 10001
>
>
>>
>>> Might help if we see your smb.conf
>>
>> [global]
>> netbios name = DC-TEST
>> realm = LOCAL.MYDOMAIN
>> server role = active directory domain controller
>> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
>> drepl, winbind, ntp_signd, kcc, dnsupdate, dns
>> workgroup = IETR
>> idmap_ldb:use rfc2307 = yes
>> dns forwarder = 129.20.128.39
>> allow dns updates = nonsecure
>> dns update command=/usr/sbin/samba_dnsupdate --use-samba-tool
>> restrict anonymous = 2
>> printcap name = /dev/null
>> load printers = no
>> disable spoolss = yes
>> printing = bsd
>> log level = 6
>> #auth_audit:10@/var/log/samba/log.auth_audit
>> disable netbios = yes
>> smb ports = 445
>> [netlogon]
>> path = /var/lib/samba/sysvol/local.mydomain/scripts
>> read only = No
>> vfs objects = full_audit
>> [sysvol]
>> path = /var/lib/samba/sysvol
>> read only = No
>> vfs objects = full_audit
>
> By setting 'vfs objects = full_audit', you have turned off the default
> vfs objects, if you are going to set a vfs object on a DC, set it like
> this: vfs objects = dfs_samba4 acl_xattr full_audit
>
> Rowland
ok i'm gona try to change the conf file accordingly.
More information about the samba
mailing list