Seems the attachment was removed, my bad.
Here is a copy paste of it. Log 1 Event Type: Success Audit Event Source: Security Event Category: Account Logon Event ID: 680 Date: 2005/10/31 Time: 11:40:34 AM User: D_ABSA\svc-058-OPTEQ Computer: S058DS1025002 Description: Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: SVC-058-OPTEQ Source Workstation: CONT Error Code: 0x0 For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Log 2 Event Type: Success Audit Event Source: Security Event Category: Logon/Logoff Event ID: 540 Date: 2005/10/31 Time: 11:40:34 AM User: D_ABSA\svc-058-OPTEQ Computer: S058DS1025002 Description: Successful Network Logon: User Name: svc-058-OPTEQ Domain: D_ABSA Logon ID: (0x0,0x4BD7994) Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: CONT Logon GUID: - Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 10.199.12.50 Source Port: 0 For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Log 3 Event Type: Success Audit Event Source: Security Event Category: Directory Service Access Event ID: 565 Date: 2005/10/31 Time: 11:40:34 AM User: D_ABSA\svc-058-OPTEQ Computer: S058DS1025002 Description: Object Open: Object Server: Security Account Manager Object Type: SAM_SERVER Object Name: CN=Server,CN=System,DC=ds1,DC=ad,DC=absa,DC=co,DC=za Handle ID: 104898856 Operation ID: {0,79526330} Process ID: 544 Process Name: C:\WINDOWS\system32\lsass.exe Primary User Name: S058DS1025002$ Primary Domain: D_ABSA Primary Logon ID: (0x0,0x3E7) Client User Name: svc-058-OPTEQ Client Domain: D_ABSA Client Logon ID: (0x0,0x4BD7994) Accesses: READ_CONTROL InitializeServer EnumerateDomains Undefined Access (no effect) Bit 7 Privileges: - Properties: --- samServer Access Mask: 0 For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Log 4 Event Type: Success Audit Event Source: Security Event Category: Directory Service Access Event ID: 565 Date: 2005/10/31 Time: 11:40:34 AM User: D_ABSA\svc-058-OPTEQ Computer: S058DS1025002 Description: Object Open: Object Server: Security Account Manager Object Type: SAM_DOMAIN Object Name: DC=ds1,DC=ad,DC=absa,DC=co,DC=za Handle ID: 104901400 Operation ID: {0,79526337} Process ID: 544 Process Name: C:\WINDOWS\system32\lsass.exe Primary User Name: S058DS1025002$ Primary Domain: D_ABSA Primary Logon ID: (0x0,0x3E7) Client User Name: svc-058-OPTEQ Client Domain: D_ABSA Client Logon ID: (0x0,0x4BD7994) Accesses: READ_CONTROL ReadOtherParameters CreateUser GetLocalGroupMembership Privileges: - Properties: --- domain READ_CONTROL ReadOtherParameters CreateUser GetLocalGroupMembership Domain Password & Lockout Policies lockOutObservationWindow lockoutDuration lockoutThreshold maxPwdAge minPwdAge minPwdLength pwdHistoryLength pwdProperties Other Domain Parameters (for use by SAM) serverState serverRole modifiedCount uASCompat forceLogoff domainReplica oEMInformation Domain Administer Server Access Mask: 0 For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Log 5 Event Type: Failure Audit Event Source: Security Event Category: Privilege Use Event ID: 577 Date: 2005/10/31 Time: 11:40:34 AM User: D_ABSA\svc-058-OPTEQ Computer: S058DS1025002 Description: Privileged Service Called: Server: Security Account Manager Service: Security Account Manager Primary User Name: S058DS1025002$ Primary Domain: D_ABSA Primary Logon ID: (0x0,0x3E7) Client User Name: svc-058-OPTEQ Client Domain: D_ABSA Client Logon ID: (0x0,0x4BD7994) Privileges: SeMachineAccountPrivilege For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Log 6 Event Type: Success Audit Event Source: Security Event Category: Directory Service Access Event ID: 565 Date: 2005/10/31 Time: 11:40:34 AM User: D_ABSA\svc-058-OPTEQ Computer: S058DS1025002 Description: Object Open: Object Server: Security Account Manager Object Type: SAM_USER Object Name: S-1-5-21-114451664-1017779763-1228766249-154890 Handle ID: 104900128 Operation ID: {0,79526354} Process ID: 544 Process Name: C:\WINDOWS\system32\lsass.exe Primary User Name: S058DS1025002$ Primary Domain: D_ABSA Primary Logon ID: (0x0,0x3E7) Client User Name: svc-058-OPTEQ Client Domain: D_ABSA Client Logon ID: (0x0,0x4BD7994) Accesses: DELETE READ_CONTROL WRITE_DAC WRITE_OWNER ReadGeneralInformation ReadPreferences WritePreferences ReadLogon ReadAccount WriteAccount ChangePassword (with knowledge of old password) SetPassword (without knowledge of old password) ListGroups Privileges: - Properties: --- user DELETE READ_CONTROL WRITE_DAC WRITE_OWNER ReadGeneralInformation ReadPreferences WritePreferences ReadLogon ReadAccount WriteAccount ChangePassword (with knowledge of old password) SetPassword (without knowledge of old password) ListGroups General Information codePage countryCode objectSid primaryGroupID sAMAccountName comment displayName Account Restrictions accountExpires pwdLastSet userAccountControl userParameters Logon Information badPwdCount homeDirectory homeDrive lastLogoff lastLogon logonCount logonHours logonWorkstation profilePath scriptPath Public Information description Group Membership memberOf Change Password Reset Password %{7ed84960-ad10-11d0-8a92-00aa006e0529} Access Mask: 0 For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Log 7 Event Type: Success Audit Event Source: Security Event Category: Account Management Event ID: 628 Date: 2005/10/31 Time: 11:40:34 AM User: D_ABSA\svc-058-OPTEQ Computer: S058DS1025002 Description: User Account password set: Target Account Name: cont$ Target Domain: D_ABSA Target Account ID: D_ABSA\cont$ Caller User Name: svc-058-OPTEQ Caller Domain: D_ABSA Caller Logon ID: (0x0,0x4BD7994) For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Log 8 Event Type: Success Audit Event Source: Security Event Category: Object Access Event ID: 562 Date: 2005/10/31 Time: 11:40:34 AM User: D_ABSA\svc-058-OPTEQ Computer: S058DS1025002 Description: Handle Closed: Object Server: Security Account Manager Handle ID: 104900128 Process ID: 544 Image File Name: C:\WINDOWS\system32\lsass.exe For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Log 9 Event Type: Success Audit Event Source: Security Event Category: Logon/Logoff Event ID: 538 Date: 2005/10/31 Time: 11:40:34 AM User: D_ABSA\svc-058-OPTEQ Computer: S058DS1025002 Description: User Logoff: User Name: svc-058-OPTEQ Domain: D_ABSA Logon ID: (0x0,0x4BD7994) Logon Type: 3 For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ian Barnes Sent: 02 November 2005 09:28 AM To: 'Andrew Bartlett' Cc: samba@lists.samba.org Subject: RE: [Samba] Re: NTLM Problems Hi, Even if the client doesn't support Kerberos should I leave that option enabled in smb.conf? Attached are the log files, maybe they can help. Cheers Ian -----Original Message----- From: Andrew Bartlett [mailto:[EMAIL PROTECTED] Sent: 02 November 2005 07:03 AM To: Ian Barnes Cc: samba@lists.samba.org Subject: RE: [Samba] Re: NTLM Problems On Wed, 2005-11-02 at 06:54 +0200, Ian Barnes wrote: > Okay, ill remove the realm line if its not in use. I only fill it in if im > using Kerberos? Or should it be filled in at all times? You should be using kerberos. I strongly suggest running 'security=ads'. > Any idea as to why I could be "falling out" of the domain? Its strange and > only seems to be our unit that is doing this. All other machines that log > onto the domain don't have this problem. See if there are clues in the DC-side event log. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc. http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
