[Samba] Failed NTLM Request
Prash
getprashman at yahoo.co.uk
Thu May 26 10:37:46 UTC 2022
Hi,
I need some help with a problem. I have a linux server running Samba and Winbind (4.10.16-18). It is joined to an AD which in turn has a one way trust with a couple other ADs which contains the users. Users can login absolutely fine and there is no issue with any users. The problem I'm seeing is that when I packet capture, I see lots of logon failures to trusted ADs. Interestingly, the user it shows as failed is not the actual user but the hostname of the samba server. I have attached a screenshot of wireshark. These failed requests continue all throughout the day.
Any ideas as to what could be causing this and how I could stop this?
wbinfo --all-domains
BUILTIN
XXXXX-I-01479829
XXXX-LOC
YYYYY
YYYY-MMMM
The second item above is the hostname. It tries to authenticate with the hostname repeatedly as seen in the screenshot.
Thanks.
Screenshot:
https://ibb.co/rwGPHGm
More information about the samba
mailing list