> I can not think of any right now. You may want to check some of these > logs to see what they are trying to access. > > John
Well, in most cases, it looks like an authentication is being attempted, like the following (full context below): ... [2007/08/20 07:28:09, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2007/08/20 07:28:09, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] ... [2007/08/20 07:28:09, 3] auth/auth_sam.c:check_sam_security(264) check_sam_security: Couldn't find user 'USERNAME' in passdb. [2007/08/20 07:28:09, 3] auth/auth_winbind.c:check_winbind_security(80) check_winbind_security: Not using winbind, requested domain [OURDOMAIN] was for this SAM. [2007/08/20 07:28:09, 2] auth/auth.c:check_ntlm_password(317) check_ntlm_password: Authentication for user [USERNAME] -> [USERNAME] FAILED with error NT_STATUS_NO_SUCH_USER -Matt [2007/08/20 07:28:09, 3] smbd/process.c:process_smb(1087) Transaction 1 of length 137 [2007/08/20 07:28:09, 3] smbd/process.c:switch_message(886) switch message SMBnegprot (pid 27394) conn 0x0 [2007/08/20 07:28:09, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/08/20 07:28:09, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [PC NETWORK PROGRAM 1.0] [2007/08/20 07:28:09, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [LANMAN1.0] [2007/08/20 07:28:09, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [Windows for Workgroups 3.1a] [2007/08/20 07:28:09, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [LM1.2X002] [2007/08/20 07:28:09, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [LANMAN2.1] [2007/08/20 07:28:09, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [NT LM 0.12] [2007/08/20 07:28:09, 3] smbd/negprot.c:reply_nt1(357) using SPNEGO [2007/08/20 07:28:09, 3] smbd/negprot.c:reply_negprot(579) Selected protocol NT LM 0.12 [2007/08/20 07:28:09, 3] smbd/process.c:process_smb(1087) Transaction 2 of length 240 [2007/08/20 07:28:09, 3] smbd/process.c:switch_message(886) switch message SMBsesssetupX (pid 27394) conn 0x0 [2007/08/20 07:28:09, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/08/20 07:28:09, 3] smbd/sesssetup.c:reply_sesssetup_and_X(822) wct=12 flg2=0xc807 [2007/08/20 07:28:09, 2] smbd/sesssetup.c:setup_new_vc_session(772) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2007/08/20 07:28:09, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(633) Doing spnego session setup [2007/08/20 07:28:09, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(664) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2007/08/20 07:28:09, 3] smbd/sesssetup.c:reply_spnego_negotiate(525) Got OID 1 3 6 1 4 1 311 2 2 10 [2007/08/20 07:28:09, 3] smbd/sesssetup.c:reply_spnego_negotiate(528) Got secblob of size 40 [2007/08/20 07:28:09, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0xe2088297 [2007/08/20 07:28:09, 3] smbd/process.c:process_smb(1087) Transaction 3 of length 288 [2007/08/20 07:28:09, 3] smbd/process.c:switch_message(886) switch message SMBsesssetupX (pid 27394) conn 0x0 [2007/08/20 07:28:09, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/08/20 07:28:09, 3] smbd/sesssetup.c:reply_sesssetup_and_X(822) wct=12 flg2=0xc807 [2007/08/20 07:28:09, 2] smbd/sesssetup.c:setup_new_vc_session(772) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2007/08/20 07:28:09, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(633) Doing spnego session setup [2007/08/20 07:28:09, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(664) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2007/08/20 07:28:09, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(662) Got user=[] domain=[] workstation=[COMPUTER-NAME] len1=1 len2=0 [2007/08/20 07:28:09, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/08/20 07:28:09, 3] smbd/uid.c:push_conn_ctx(393) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/08/20 07:28:09, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/08/20 07:28:09, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/08/20 07:28:09, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2007/08/20 07:28:09, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] [2007/08/20 07:28:09, 3] auth/auth.c:check_ntlm_password(268) check_ntlm_password: guest authentication for user [] succeeded [2007/08/20 07:28:09, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) NTLMSSP Sign/Seal - Initialising with flags: [2007/08/20 07:28:09, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0x60088235 [2007/08/20 07:28:09, 3] smbd/password.c:register_vuid(257) User name: nobody Real name: nobody [2007/08/20 07:28:09, 3] smbd/password.c:register_vuid(276) UNIX uid 65534 is UNIX user nobody, and will be vuid 101 [2007/08/20 07:28:09, 3] smbd/process.c:process_smb(1087) Transaction 4 of length 86 [2007/08/20 07:28:09, 3] smbd/process.c:switch_message(886) switch message SMBtconX (pid 27394) conn 0x0 [2007/08/20 07:28:09, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/08/20 07:28:09, 3] smbd/service.c:make_connection_snum(495) Connect path is '/var/tmp' for service [IPC$] [2007/08/20 07:28:09, 3] lib/util_seaccess.c:se_access_check(250) [2007/08/20 07:28:09, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-1353595730-3054078111-0123456789-501 se_access_check: also S-1-5-21-1353595730-3054078111-0123456789-514 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: also S-1-5-21-1353595730-3054078111-0123456789-132067 se_access_check: also S-1-5-21-1353595730-3054078111-0123456789-132069 [2007/08/20 07:28:09, 3] smbd/vfs.c:vfs_init_default(216) Initialising default vfs hooks [2007/08/20 07:28:09, 3] lib/util_seaccess.c:se_access_check(250) [2007/08/20 07:28:09, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-1353595730-3054078111-0123456789-501 se_access_check: also S-1-5-21-1353595730-3054078111-0123456789-514 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: also S-1-5-21-1353595730-3054078111-0123456789-132067 se_access_check: also S-1-5-21-1353595730-3054078111-0123456789-132069 [2007/08/20 07:28:09, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 [2007/08/20 07:28:09, 3] smbd/service.c:make_connection_snum(700) COMPUTER-NAME (192.1.70.21) connect to service IPC$ initially as user nobody (uid=65534, gid=65533) (pid 27394) [2007/08/20 07:28:09, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/08/20 07:28:09, 3] smbd/reply.c:reply_tcon_and_X(708) tconX service=IPC$ [2007/08/20 07:28:09, 3] smbd/process.c:process_smb(1087) Transaction 5 of length 132 [2007/08/20 07:28:09, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 27394) conn 0x803aec30 [2007/08/20 07:28:09, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 [2007/08/20 07:28:09, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\LANMAN> data=0 params=36 setup=0 [2007/08/20 07:28:09, 3] smbd/ipc.c:named_pipe(334) named pipe command on <LANMAN> name [2007/08/20 07:28:09, 3] smbd/lanman.c:api_reply(3670) Got API command 104 of form <WrLehDz> <B16BBDz> (tdscnt=0,tpscnt=36,mdrcnt=4200,mprcnt=8) [2007/08/20 07:28:09, 3] smbd/lanman.c:api_reply(3674) Doing NetServerEnum [2007/08/20 07:28:09, 3] smbd/lanman.c:api_RNetServerEnum(1349) NetServerEnum domain = OURDOMAIN uLevel=1 counted=3 total=3 [2007/08/20 07:28:09, 3] smbd/process.c:process_smb(1087) Transaction 6 of length 43 [2007/08/20 07:28:09, 3] smbd/process.c:switch_message(886) switch message SMBulogoffX (pid 27394) conn 0x0 [2007/08/20 07:28:09, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/08/20 07:28:09, 3] smbd/reply.c:reply_ulogoffX(1606) ulogoffX vuid=101 [2007/08/20 07:28:09, 3] smbd/process.c:process_smb(1087) Transaction 7 of length 39 [2007/08/20 07:28:09, 3] smbd/process.c:switch_message(886) switch message SMBtdis (pid 27394) conn 0x803aec30 [2007/08/20 07:28:09, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/08/20 07:28:09, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/08/20 07:28:09, 3] smbd/service.c:close_cnum(892) COMPUTER-NAME (192.1.70.21) closed connection to service IPC$ [2007/08/20 07:28:09, 3] smbd/connection.c:yield_connection(69) Yielding connection to IPC$ [2007/08/20 07:28:09, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/08/20 07:28:09, 3] smbd/process.c:timeout_processing(1340) timeout_processing: End of file from client (client has disconnected). [2007/08/20 07:28:09, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/08/20 07:28:09, 2] smbd/server.c:exit_server(614) Closing connections [2007/08/20 07:28:09, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2007/08/20 07:28:09, 3] smbd/server.c:exit_server(655) Server exit (normal exit) [2007/08/20 07:28:09, 3] smbd/process.c:process_smb(1087) Transaction 1 of length 137 [2007/08/20 07:28:09, 3] smbd/process.c:switch_message(886) switch message SMBnegprot (pid 27395) conn 0x0 [2007/08/20 07:28:09, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/08/20 07:28:09, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [PC NETWORK PROGRAM 1.0] [2007/08/20 07:28:09, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [LANMAN1.0] [2007/08/20 07:28:09, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [Windows for Workgroups 3.1a] [2007/08/20 07:28:09, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [LM1.2X002] [2007/08/20 07:28:09, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [LANMAN2.1] [2007/08/20 07:28:09, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [NT LM 0.12] [2007/08/20 07:28:09, 3] smbd/negprot.c:reply_nt1(357) using SPNEGO [2007/08/20 07:28:09, 3] smbd/negprot.c:reply_negprot(579) Selected protocol NT LM 0.12 [2007/08/20 07:28:09, 3] smbd/process.c:process_smb(1087) Transaction 2 of length 240 [2007/08/20 07:28:09, 3] smbd/process.c:switch_message(886) switch message SMBsesssetupX (pid 27395) conn 0x0 [2007/08/20 07:28:09, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/08/20 07:28:09, 3] smbd/sesssetup.c:reply_sesssetup_and_X(822) wct=12 flg2=0xc807 [2007/08/20 07:28:09, 2] smbd/sesssetup.c:setup_new_vc_session(772) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2007/08/20 07:28:09, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(633) Doing spnego session setup [2007/08/20 07:28:09, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(664) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2007/08/20 07:28:09, 3] smbd/sesssetup.c:reply_spnego_negotiate(525) Got OID 1 3 6 1 4 1 311 2 2 10 [2007/08/20 07:28:09, 3] smbd/sesssetup.c:reply_spnego_negotiate(528) Got secblob of size 40 [2007/08/20 07:28:09, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0xe2088297 [2007/08/20 07:28:09, 3] smbd/process.c:process_smb(1087) Transaction 3 of length 382 [2007/08/20 07:28:09, 3] smbd/process.c:switch_message(886) switch message SMBsesssetupX (pid 27395) conn 0x0 [2007/08/20 07:28:09, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/08/20 07:28:09, 3] smbd/sesssetup.c:reply_sesssetup_and_X(822) wct=12 flg2=0xc807 [2007/08/20 07:28:09, 2] smbd/sesssetup.c:setup_new_vc_session(772) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2007/08/20 07:28:09, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(633) Doing spnego session setup [2007/08/20 07:28:09, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(664) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2007/08/20 07:28:09, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(662) Got user=[USERNAME] domain=[COMPUTER-NAME] workstation=[COMPUTER-NAME] len1=24 len2=24 [2007/08/20 07:28:09, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/08/20 07:28:09, 3] smbd/uid.c:push_conn_ctx(393) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/08/20 07:28:09, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/08/20 07:28:09, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/08/20 07:28:09, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2007/08/20 07:28:09, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] [2007/08/20 07:28:09, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/08/20 07:28:09, 3] smbd/uid.c:push_conn_ctx(393) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/08/20 07:28:09, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/08/20 07:28:09, 2] lib/smbldap.c:smbldap_open_connection(724) smbldap_open_connection: connection opened [2007/08/20 07:28:09, 3] lib/smbldap.c:smbldap_connect_system(926) ldap_connect_system: succesful connection to the LDAP server [2007/08/20 07:28:09, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/08/20 07:28:09, 3] auth/auth_sam.c:check_sam_security(264) check_sam_security: Couldn't find user 'USERNAME' in passdb. [2007/08/20 07:28:09, 3] auth/auth_winbind.c:check_winbind_security(80) check_winbind_security: Not using winbind, requested domain [OURDOMAIN] was for this SAM. [2007/08/20 07:28:09, 2] auth/auth.c:check_ntlm_password(317) check_ntlm_password: Authentication for user [USERNAME] -> [USERNAME] FAILED with error NT_STATUS_NO_SUCH_USER -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba