In a leap of faith, I decided to relax the iptables rules on our Samba DC (4.0.5) on Wednesday, permitting some of our production clients to actually authenticate against it (in addition to our W2k3R2 DC). After all, there are no replication errors and no errors either in log.samba or Windows event log, so things _should've_ been generally working, and various test clients also have had no problems.
To limit the fallout of potential failures I chose to do this on the eve of the Ascension Day (a public holiday where I live), knowing that almost all people would be off work on the following day, and that many people would also be having an extra day off today. Alas, things didn't go entirely smoothly. One person, who had came to work on Thursday afternoon despite the holiday, complained to me that he was having login problems (wrong username or password) and that only after first (successfully) logging on to a different workstation he, on a second attempt, managed to log on to his normal workstation. He also said that these problems had been repeated this morning. Given this information, I investigated log.samba and found the following: [2013/05/09 12:39:57, 0] ../lib/util/util.c:457(dump_data) [0000] 00 00 00 00 62 00 00 00 00 00 00 00 20 00 20 00 ....b... .... . . [0010] 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 . . . . . . . . [0020] 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 . . . . . . . . [0030] 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 . . . . . . . . [0040] 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 . . . . . . . . [0050] 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 . . . . . . . . [0060] 20 00 20 00 20 00 20 00 20 00 20 00 50 00 00 . . . . . .P.. That hexdump with exactly the same contents was repeated 10 times yesterday afternoon and another 31 times this morning. The times of the dumps roughly matched the times of the logon failures. Question: how much more verbosity for log.samba would be needed to further investigate this problem? I'd rather not log everything with "-d10" for extended periods of time, because I really can't know how long it will take for the problem to reappear. I've now increased logging from the default level to "-d3". I also wish to turn on Kerberos logging in Samba so that I could have something akin to Windows's security log and see all successful and failed login attempts. Can this be achieved by normal krb5 logging settings in krb5.conf (as described on man 3 krb5_openlog)? Any recommended logging settings? Pekka L.J. Jalkanen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba