Web lists-archives.com

Re: [Samba] Event log 4768 audit failure user root

On 3/27/2018 11:45 AM, Tom via samba wrote:
Hi there,
I’m new to this mailing list but I have a special question to you.
This older post https://lists.samba.org/archive/samba/2016-June/200271.html describes exactly my problem.
In my case I do not upgraded the samba version. It is a fresh installation on a Ubuntu server box.
The samba version is:  Version 4.3.11-Ubuntu
The winbindd version is: Version 4.3.11-Ubuntu
I use samba/winbindd to add the Ubuntu server through the MS ActiveDirectory.
The linux server is used as a Squid Proxy with a keytab configuration. So there is no user login needed.
It is also not needed to login with an AD user on the linux server.
This configuration is working fine and with no problems.
The only thing is, that every time the server starts or the service [winbind/samba] tries to re-authenticate with the domain controller,
it produces the event 4768 in the active directory domain controllers.
Is it possible to disable this functionality or to configure a dedicated AD user to run such Kerberos ticket requests instead of user root? Any idea / help is welcome.

I don't use a Squid proxy but you can try mapping root to Administrator.

Create the following file /etc/samba/user.map.  Add '!root = DOMAIN\Administrator DOMAIN\administrator' without quotes. In your smb.conf file add under [global] 'username map = /etc/samba/user.map' without quotes again.

Any reason to run such an old version of Samba? It's end of life.


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba