[Samba] Failed auth attempt I don't understand.

karel.de.macil at free.fr karel.de.macil at free.fr
Thu Oct 1 19:47:46 UTC 2020


On 01/10/2020 20:46, Rowland penny via samba wrote:
> On 01/10/2020 19:06, karel.de.macil at free.fr wrote:
>> On 01/10/2020 19:27, Rowland penny via samba wrote:
>>> 
>>> Is this on a DC or a Unix domain member ?
>> 
>> This is a remote desktop attempt on a computer which is in the domain
>> managed by the DC from which I get the log.
> I actually meant where the log came from.
The log comes from the Samba 4 DC of the domain.

>> 
>>> Why are you using Administrator on Unix ?
>> 
>> This is the default administrator account in samba4 but the behavior 
>> is the same with any account.
> 
> No, it is the default administrator in AD and as such, shouldn't be
> used as a normal user. Another question is, do you use the
> winbind 'ad' backend anywhere in your network and have you added a
> uidNumber to Administrator ?

For winbind, I'm not sure if I'm using it.

For the administrator and his uidNumber:
ldbsearch -H /root/sambackup/private/sam.ldb CN=administrator | grep uidNumber
--> uidNumber: 10001


> 
> 
>> 
>>> Might help if we see your smb.conf
>> 
>> [global]
>>         netbios name = DC-TEST
>>         realm = LOCAL.MYDOMAIN
>>         server role = active directory domain controller
>>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, dns
>>         workgroup = IETR
>>         idmap_ldb:use rfc2307  = yes
>>         dns forwarder = 129.20.128.39
>>         allow dns updates = nonsecure
>>         dns update command=/usr/sbin/samba_dnsupdate --use-samba-tool
>>         restrict anonymous = 2
>>         printcap name = /dev/null
>>         load printers = no
>>         disable spoolss = yes
>>         printing = bsd
>>         log level = 6
>>         #auth_audit:10@/var/log/samba/log.auth_audit
>>         disable netbios = yes
>>         smb ports = 445
>> [netlogon]
>>         path = /var/lib/samba/sysvol/local.mydomain/scripts
>>         read only = No
>>         vfs objects = full_audit
>> [sysvol]
>>         path = /var/lib/samba/sysvol
>>         read only = No
>>         vfs objects = full_audit
> 
> By setting 'vfs objects = full_audit', you have turned off the default
> vfs objects, if you are going to set a vfs object on a DC, set it like
> this: vfs objects = dfs_samba4 acl_xattr full_audit
> 
> Rowland

OK, I'm gonna try to change the conf file accordingly.
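
The check Rowland describes can be automated. The following is an added example, not part of the original thread and not Samba's own code: it parses an smb.conf and reports every share on a DC whose explicit `vfs objects` list leaves out `dfs_samba4` or `acl_xattr`. The function names and the trimmed sample config are assumptions made for illustration; only the full `active directory domain controller` role string is recognised.

```python
import re

# Modules the reply above says must stay listed when a DC share sets "vfs objects".
REQUIRED_ON_DC = ("dfs_samba4", "acl_xattr")

# Constructed sample, trimmed from the smb.conf quoted in the thread.
SAMPLE = """\
[global]
        server role = active directory domain controller
[netlogon]
        path = /var/lib/samba/sysvol/local.mydomain/scripts
        vfs objects = full_audit
[sysvol]
        path = /var/lib/samba/sysvol
        vfs objects = dfs_samba4 acl_xattr full_audit
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}; names are lowercased with whitespace
    removed, since smb.conf ignores both in parameter names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[re.sub(r"\s+", "", key).lower()] = value.strip()
    return sections

def missing_dc_vfs_modules(text):
    """Map each share that overrides 'vfs objects' on a DC to the required
    modules its list leaves out. An empty dict means nothing to fix."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    if "domain controller" not in glob.get("serverrole", "").lower():
        return {}  # not an AD DC: this check does not apply
    findings = {}
    for share, params in conf.items():
        value = params.get("vfsobjects", glob.get("vfsobjects"))
        if share == "global" or value is None:
            continue  # parameter unset: Samba's defaults stay in effect
        loaded = re.split(r"[\s,]+", value.strip())
        missing = [m for m in REQUIRED_ON_DC if m not in loaded]
        if missing:
            findings[share] = missing
    return findings

if __name__ == "__main__":
    for share, missing in missing_dc_vfs_modules(SAMPLE).items():
        print(f"[{share}] vfs objects is missing: {' '.join(missing)}")
```
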


