Hopefully someone can put my mind at ease...
I have about 10 W2K boxes with account lockout threshold of 5 failed logins
and Additional Restrictions for Anonymous Connections set to 'No access w/o
explicit anon. permissions' (Administrative Tools -> Security Settings ->
Local Policies -> Security Options)
I've set up a Samba server this week and in the past few days I've noticed
that some user accounts have been locked out (and its not just people
forgetting their password).
In /etc/samba/MACHINEONE.log I've got entries like this:
[2002/12/17 18:17:56, 0]
rpc_client/cli_spoolss_notify.c:spoolss_connect_to_client(133)
connect to client: machine MACHINEONE rejected the tconX on the IPC$ share.
Error was : NT_STATUS_ACCESS_DENIED.
And in the W2K Security Audit for MACHINETWO, I've got:
Success Audit 18/12/2002 18:55:57 Source:Security Category:Logon/Logoff
Event:538 User:ANONYMOUS LOGON Computer:MACHINETWO
Unfortunately, I can't match up these two event types on a single machine
because the logs and audits are incomplete (I've been switching the smbd log
level and auditing isn't enabled on MACHINEONE )
I just want to be able to track down the cause of this...
THX
_________________________________________________________________
MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.
http://join.msn.com/?page=features/virus
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
