[Samba] Workstation authentication and authorization failed event
- Date: Tue, 6 Mar 2018 12:31:38 -0500
- From: lingpanda101 via samba <samba@xxxxxxxxxxxxxxx>
- Subject: [Samba] Workstation authentication and authorization failed event
I've recently enabled authentication logging and it's been working well. Today I see a failure for a workstation.
Auth: [Kerberos KDC,ENC-TS Pre-authentication] user [(null)]\[pc-45@DOMAIN.LOCAL] at [Tue, 06 Mar 2018 11:42:15.767915 EST] with [aes256-cts-hmac-sha1-96] status [NT_STATUS_WRONG_PASSWORD] workstation [(null)] remote host [ipv4:172.16.25.47:61738] mapped to [DOMAIN]\[PC-45]. local host [NULL]
In the past this was due to replication failure on a DC. However I'm not sure how to interpret this log. I would expect to see something like PC-45$@DOMAIN.LOCAL. Without the dollar sign it looks as if someone attempted to sign in locally with the username 'PC-45'. I'm in the early stages of investigation but am I correct in this thought process? Thanks.
To unsubscribe from this list go to the following URL and read the