Paul Gienger wrote: >>>It completely depends on your logging settings. Perhaps show your smb.conf >>>global section so we can tell. >>>In my setup, and from the looks of things around here, a lot of other >>>peoples, is that there is a main log.smbd file and then also a log for each >>>machine. Check in those if you are so configured. I'm sure we'll have >>>better info for you once we see your globals. >>> >>> >> >>None of which are terribly useful or consice for loggin access attempts. >> >Then you aren't trying hard enough. I 'was' getting stuff like this in my >logs all over the place > >check_ntlm_password: Authentication for user [training] -> [training] FAILED >with error NT_STATUS_NO_SUCH_USER >and >check_ntlm_password: Authentication for user [cmcleod] -> [cmcleod] FAILED >with error NT_STATUS_WRONG_PASSWORD
Well I don't see those - I DID look first ! >If that isn't a failed login then I don't know what is. Depending on your >setup you'll see this in a machine specific file or the unified log file. >Trolling through isn't that bad, if you do a grep for NT and then another grep >for FAILED you'll get the machine it was coming from (in the file: section of >grep) and probably the username (as above) and the reason it was failed (also >above). slox:/var/log/samba # ls -l total 6662 drwxr-x--- 2 root root 648 2004-11-22 08:53 . drwxr-xr-x 10 root root 7736 2004-11-20 00:15 .. -rw-r--r-- 1 root root 516017 2004-11-22 08:53 log.nmbd -rw-r--r-- 1 root root 31367 2004-05-21 00:15 log.nmbd-20040521.gz -rw-r--r-- 1 root root 31987 2004-11-01 00:15 log.nmbd-20041101.gz -rw-r--r-- 1 root root 41480 2004-11-05 00:15 log.nmbd-20041105.gz -rw-r--r-- 1 root root 36204 2004-11-11 00:15 log.nmbd-20041111.gz -rw-r--r-- 1 root root 40248 2004-11-18 00:15 log.nmbd-20041118.gz -rw-r--r-- 1 root root 591783 2004-11-22 08:52 log.smbd -rw-r--r-- 1 root root 39300 2004-05-28 00:15 log.smbd-20040528.gz -rw-r--r-- 1 root root 46070 2004-11-01 00:15 log.smbd-20041101.gz -rw-r--r-- 1 root root 44033 2004-11-02 00:15 log.smbd-20041102.gz -rw-r--r-- 1 root root 55800 2004-11-03 00:15 log.smbd-20041103.gz -rw-r--r-- 1 root root 55538 2004-11-04 00:15 log.smbd-20041104.gz -rw-r--r-- 1 root root 38379 2004-11-06 00:15 log.smbd-20041106.gz -rw-r--r-- 1 root root 38531 2004-11-11 00:15 log.smbd-20041111.gz -rw-r--r-- 1 root root 51668 2004-11-18 00:15 log.smbd-20041118.gz -rw-r--r-- 1 root root 5120229 2004-10-29 21:12 log.smbd.old slox:/var/log/samba # grep FAILED * slox:/var/log/samba # grep NT * Binary file log.nmbd-20041101.gz matches Binary file log.nmbd-20041118.gz matches Binary file log.smbd-20041104.gz matches Binary file log.smbd-20041106.gz matches Binary file log.smbd-20041118.gz matches slox:/var/log/samba # This was after I'd deliberately done a failed login. >If you're not seeing that, turn up your log level until you do. I don't think >I've ever operated higher than 2 in production. I still don't get failed login messages at log level 3. I've changed the 'log file' parameter to log to individual machine files, and then did a bad login on my PC, this is what I got in the machine log file (on log level 2) : slox:/var/log/samba # cat log.pc180-shobson [2004/11/22 09:44:03, 0] rpc_server/srv_pipe.c:api_pipe_netsec_process(1318) failed to decode PDU [2004/11/22 09:44:03, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(504) process_request_pdu: failed to do schannel processing. [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:ldap_open_connection(217) ldap_open_connection: connection opened [2004/11/22 09:44:03, 0] passdb/pdb_ldap.c:ldap_connect_system(316) ldap_connect_system: Binding to ldap server as "uid=cyrus,dc=colony,dc=com" [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:ldap_connect_system(331) ldap_connect_system: succesful connection to the LDAP server [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:ldap_search_one_user(343) ldap_search_one_user: searching for:[(&(uid=pc180-shobson$)(objectclass=sambaAccount))] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [uid] = [pc180-shobson$] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:init_sam_from_ldap(576) Entry found for user: pc180-shobson$ [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [pwdLastSet] = [1098964404] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [logonTime] = [0] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [logoffTime] = [0] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [kickoffTime] = [0] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [pwdCanChange] = [0] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [pwdMustChange] = [0] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [cn] = [PC180-SHOBSON$] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(435) get_single_attribute: [homeDrive] = [<does not exist>] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(435) get_single_attribute: [smbHome] = [<does not exist>] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(435) get_single_attribute: [scriptPath] = [<does not exist>] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(435) get_single_attribute: [profilePath] = [<does not exist>] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [description] = [Windows Workstation pc180-shobson] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(435) get_single_attribute: [userWorkstations] = [<does not exist>] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [rid] = [2001006] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [primaryGroupID] = [132069] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [lmPassword] = [xxx] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [ntPassword] = [x] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [acctFlags] = [[W ]] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:ldap_open_connection(217) ldap_open_connection: connection opened [2004/11/22 09:44:03, 0] passdb/pdb_ldap.c:ldap_connect_system(316) ldap_connect_system: Binding to ldap server as "uid=cyrus,dc=colony,dc=com" [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:ldap_connect_system(331) ldap_connect_system: succesful connection to the LDAP server [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:ldap_search_one_user(343) ldap_search_one_user: searching for:[(&(uid=shobson)(objectclass=sambaAccount))] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [uid] = [shobson] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:init_sam_from_ldap(576) Entry found for user: shobson [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [pwdLastSet] = [1086254073] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [logonTime] = [0] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [logoffTime] = [2147483647] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [kickoffTime] = [2147483647] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [pwdCanChange] = [0] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [pwdMustChange] = [2147483647] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [cn] = [Simon Hobson] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(435) get_single_attribute: [homeDrive] = [<does not exist>] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(435) get_single_attribute: [smbHome] = [<does not exist>] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(435) get_single_attribute: [scriptPath] = [<does not exist>] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(435) get_single_attribute: [profilePath] = [<does not exist>] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(435) get_single_attribute: [description] = [<does not exist>] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(435) get_single_attribute: [userWorkstations] = [<does not exist>] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [rid] = [2008] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [primaryGroupID] = [2023] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [lmPassword] = [xxx] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [ntPassword] = [xxx] [2004/11/22 09:44:03, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [acctFlags] = [[U ]] slox:/var/log/samba # smbstatus reports : Samba version 2.2.8a-UL and my globals are : [global] workgroup = CGC netbios aliases = filestore CDJukebox server string = Colony Main Server encrypt passwords = Yes map to guest = Bad User username map = /etc/samba/smbusers log level = 2 log file = /var/log/samba/log.%m syslog = 0 time server = Yes unix extensions = Yes socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY printcap name = CUPS domain admin group = root admin administrator add user script = /usr/sbin/addsmbmachine2ldap %m logon script = logon.bat logon path = logon drive = H: logon home = domain logons = Yes os level = 60 domain master = Yes enhanced browsing = No wins support = Yes ldap port = 389 ldap suffix = dc=colony,dc=com ldap admin dn = uid=cyrus,dc=colony,dc=com ldap ssl = no ldap del only sam attr = Yes admin users = Administrator administrator ghostadmin printing = cups hide files = /desktop.ini/Desktop.ini/ Simon -- Simon Hobson MA MIEE, Technology Specialist Colony Gift Corporation Limited Lindal in Furness, Ulverston, Cumbria, LA12 0LD Tel 01229 461100, Fax 01229 461101 Registered in England No. 1499611 Regd. Office : 100 New Bridge Street, London, EC4V 6JA. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba