[Samba] [SAMBA] understanding log.samba entries

Andrew Bartlett abartlet at samba.org
Wed Oct 5 19:08:35 UTC 2022

On Wed, 2022-10-05 at 09:13 +0200, Łukasz Sellmann via samba wrote:
> Hi
> I'm trying to figure out what exactly these entries in my log.samba
> on my DC mean:
> Auth: [SamLogon,network] user []\[] at [Tue, 04 Oct 2022 16:29:44.309361 CEST] with [(null)] status [NT_STATUS_NO_SUCH_USER] workstation [\\\\WORKSTATIONNAME] remote host [ipv4:] mapped to []\[]. local host [ipv4:]  NETLOGON computer [G] trust account [G$]
> where:
> WORKSTATIONNAME - is a workstation of remote vpn user (does not have
> computer account in Active Directory computers, it's just standalone
> workstation)
> - is a samba linux client joined to AD and working as file server
> G - G$  - is a DNS name and computer account of above linux server
> with ip
> - is a linux samba Domain Controller server
> Does it mean that computer WORKSTATIONNAME tries to authenticate
> against DC to access some shares on G then G asks for auth my DC
> which says that there is no such computer account?

There is no such user "".

> Or it is something different ?
> I wonder what that means user []\[] and mapped to []\[]. ?

A user tried to authenticate with a domain name and username of the
empty string for anonymous access claiming (this name is not proven)
to be from WORKSTATIONNAME, and our DC didn't allow that on NETLOGON.

The domain member server should translate "" to anonymous access
locally, perhaps before or after asking the DC blindly. 

Andrew Bartlett
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source
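
An added example, not part of the original thread and not Samba project code: a small parser for the `Auth:` line quoted above that separates anonymous (empty domain and username) rejections from failures against named accounts. The field layout is assumed from the quoted entry; the sample lines, addresses, the `EXAMPLE\alice` account, the `NTLMv2` value and the category names are constructed for illustration.

```python
import re

def _f(name):
    """Regex for one bracketed field, captured under `name`."""
    return r"\[(?P<%s>[^\]]*)\]" % name

# Field order follows the "Auth:" line quoted in the thread.
AUTH_RE = re.compile(
    r"Auth: \[(?P<service>[^,\]]*),(?P<auth_type>[^\]]*)\] user "
    + _f("domain") + r"\\" + _f("user") + " at " + _f("time")
    + " with " + _f("pw_type") + " status " + _f("status")
    + " workstation " + _f("workstation") + " remote host " + _f("remote")
    + " mapped to " + _f("mapped_domain") + r"\\" + _f("mapped_user")
    + r"\. local host " + _f("local")
    + r"(?:\s+NETLOGON computer " + _f("computer")
    + " trust account " + _f("trust_account") + ")?"
)

def classify(line):
    """Return (category, fields) for an Auth: line, or None if it does not match."""
    m = AUTH_RE.search(line)
    if m is None:
        return None
    f = m.groupdict()
    if f["status"] == "NT_STATUS_OK":
        return "success", f
    if f["domain"] == "" and f["user"] == "":
        # Empty domain and username: the anonymous attempt described in the reply.
        return "anonymous-rejected", f
    return "named-account-failure", f

def sample(domain, user, pw_type, status):
    """Build a constructed log line; addresses are documentation-range placeholders."""
    return (r"Auth: [SamLogon,network] user [%s]\[%s] at [Tue, 04 Oct 2022 "
            r"16:29:44.309361 CEST] with [%s] status [%s] workstation "
            r"[\\\\WORKSTATIONNAME] remote host [ipv4:192.0.2.10:40000] mapped to "
            r"[%s]\[%s]. local host [ipv4:192.0.2.1:49152]  NETLOGON computer [G] "
            r"trust account [G$]" % (domain, user, pw_type, status, domain, user))

SAMPLE = [sample("", "", "(null)", "NT_STATUS_NO_SUCH_USER"),
          sample("EXAMPLE", "alice", "NTLMv2", "NT_STATUS_WRONG_PASSWORD"),
          sample("EXAMPLE", "alice", "NTLMv2", "NT_STATUS_OK")]

def summarize(lines):
    """(category, user, workstation, trust_account) per matching line.
    The workstation value is client-claimed and not proven."""
    hits = [c for c in map(classify, lines) if c is not None]
    return [(cat, f["user"], f["workstation"], f["trust_account"]) for cat, f in hits]

if __name__ == "__main__":
    print(*summarize(SAMPLE), sep="\n")
```

The `trust_account` field identifies the domain member that forwarded the request over NETLOGON, which is the one value in the entry that does not come from the client.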
