two log.samba failed password questions

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

two log.samba failed password questions

Samba - General mailing list
Hi,

Just trying to understand my logs, hence two short questions:

#1, from log.samba:

> ntlm_password_check: Interactive logon: NT password check failed for user username

Does "Interactive logon" mean: someone using a workstation to logon? Or
could it also be an ldap authentication attempt?

#2, from log.samba:

> [2017/07/12 13:54:00.638116,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
>   Kerberos: Looking for PKINIT pa-data -- p2560$@samba.company.com
> [2017/07/12 13:54:00.638128,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
>   Kerberos: Looking for ENC-TS pa-data -- p2560$@samba.company.com
> [2017/07/12 13:54:00.638168,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
>   Kerberos: Failed to decrypt PA-DATA -- p2560$@samba.company.com (enctype arcfour-hmac-md5) error Decrypt integrity check failed
> [2017/07/12 13:54:00.651892,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
>   Kerberos: Failed to decrypt PA-DATA -- p2560$@samba.company.com

This happens mostly for this workstation p2560$, but also occasionally
also for some users.

BTW We're very much looking forward to samba 4.7, for the improved
authentication logging! :-)

MJ

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Loading...