Re: [Samba] log.samba: ntlm_password_check: Interactive logon: NT password check failed for user username
- Date: Wed, 19 Jul 2017 15:53:23 +0200
- From: mj via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] log.samba: ntlm_password_check: Interactive logon: NT password check failed for user username
On 07/19/2017 12:13 AM, Andrew Bartlett via samba wrote:
Turns out: yes, it's over LDAP, and it's a botnet trying out various
passwords against our imap server.
Is there a way with samba 4.6 to find out more details about these kinds
of failed passwords:
./log.samba: auth_check_password_recv: sam_ignoredomain authentication for user [DOMAIN\username] FAILED with error NT_STATUS_WRONG_PASSWORD
./log.samba: auth_check_password_send: Checking password for unmapped user [DOMAIN]\[username]@[(null)]
./log.samba: auth_check_password_send: mapped user is: [DOMAIN]\[username]@[(null)]
./log.samba: ntlm_password_check: Interactive logon: NT password check failed for user username
I think it certainly could be LDAP. In 4.6, the code converts a
plaintext auth from LDAP into an 'interactive' auth.
Nope, it's not, but we read the 4.7 announcement, and we are very happy
to see improvements on the way :-)
4.7 will give you the detail you need to work out what is really going
on, implement fail2ban etc. In the meantime, all I can suggest is
turning up the logs and trying to stick it back together, but I realise
that isn't very satisfactory.
Thanks for the reply Andrew!
To unsubscribe from this list go to the following URL and read the