Web lists-archives.com

Re: [Samba] log.samba: ntlm_password_check: Interactive logon: NT password check failed for user username





On 07/19/2017 12:13 AM, Andrew Bartlett via samba wrote:
Is there a way with samba 4.6 to find out more details about these kinds
of failed passwords:

./log.samba:  auth_check_password_recv: sam_ignoredomain authentication for user [DOMAIN\username] FAILED with error NT_STATUS_WRONG_PASSWORD
./log.samba:  auth_check_password_send: Checking password for unmapped user [DOMAIN]\[username]@[(null)]
./log.samba:  auth_check_password_send: mapped user is: [DOMAIN]\[username]@[(null)]
./log.samba:  ntlm_password_check: Interactive logon: NT password check failed for user username
I think it certainly could be LDAP.  In 4.6, the code converts a
plaintext auth from LDAP into an 'interactive' auth.
Turns out: yes, it's over LDAP, and it's a botnet trying out various passwords against our imap server.

4.7 will give you the detail you need to work out what is really going
on, implement fail2ban etc.  In the meantime, all I can suggest is
turning up the logs and trying to stick it back together, but I realise
that isn't very satisfactory.
Nope, it's not, but we read the 4.7 announcement, and we are very happy to see improvements on the way :-)

Thanks for the reply Andrew!

MJ

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba