On Wed, Mar 9, 2011 at 12:33 AM, Sharik M <[email protected]> wrote: > Dear Friend, > > > Is it possible to deactivate pre-authentification on the Linux (or > > Windows) side to avoid these messages ? > > Becouse i am getting lot of erro in windows 2003 domain. > > Hi, > > When validating users on my Linux system against an ActiveDirectory, > the Windows event log are filled with messages like these (Windows > Event ID 675): > > Pre-authentication failed: > User Name: linux$ > User ID: KK\linux$ > Service Name: krbtgt/KK.LOCAL > Pre-Authentication Type: 0x0 > Failure Code: 0x19 > Client Address: 1.2.3.4 > > > (1.2.3.4 is the IP address of the Linux machine, LINUX the hostname of > the Linux machine). > > The message above comes at every request from the Linux machine (every 5 > minutes on this installation). If I am validating a user, the same > message is shown for the user like this (user name validated=test): > > Pre-authentication failed: > User Name: test$ > User ID: KK\test$ > Service Name: krbtgt/KK.LOCAL > Pre-Authentication Type: 0x0 > Failure Code: 0x19 > Client Address: 1.2.3.4 > > Messages logged on behalf of a user may be disabled by deactivating > pre-authentification for each user. But I cannot find any place in > ActiveDirectory to disable it for the machine account. > > What is missing ? > > Is it possible to deactivate pre-authentification on the Linux (or > Windows) side to avoid these messages ? > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Although annoying, these are not necessarily all that bad of audit entries because it may be trying different methods of authenticating. First one fails so it tries a more difficult one. i wonder if it would be better to attempt a reset of the machine account password from AD, then setting DONT_REQ_PREAUTH. You can change it via adsiedit or adexplorer.exe DONT_REQ_PREAUTH http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B305144 ms-DS-User-Account-Control-Computed p.s. i typed this 5 days ago and just found it was not sent. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
