Web lists-archives.com

[Samba] two log.samba failed password questions




Hi,

Just trying to understand my logs, hence two short questions:

#1, from log.samba:

ntlm_password_check: Interactive logon: NT password check failed for user username

Does "Interactive logon" mean: someone using a workstation to logon? Or could it also be an ldap authentication attempt?

#2, from log.samba:

[2017/07/12 13:54:00.638116,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Looking for PKINIT pa-data -- p2560$@samba.company.com
[2017/07/12 13:54:00.638128,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Looking for ENC-TS pa-data -- p2560$@samba.company.com
[2017/07/12 13:54:00.638168,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Failed to decrypt PA-DATA -- p2560$@samba.company.com (enctype arcfour-hmac-md5) error Decrypt integrity check failed
[2017/07/12 13:54:00.651892,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Failed to decrypt PA-DATA -- p2560$@samba.company.com

This happens mostly for this workstation p2560$, but also occasionally also for some users.

BTW We're very much looking forward to samba 4.7, for the improved authentication logging! :-)

MJ

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba