On Fri, Dec 30, 2011 at 3:59 PM, Camaleón <[email protected]> wrote: > On Fri, 30 Dec 2011 10:48:42 +0000, Bruno Martins wrote: > >> I am having this problem, and it gets logged every second: >> >> Dec 25 07:49:51 sputnik gnome-screensaver-dialog: >> pam_unix(gnome-screensaver:auth): authentication failure; logname= uid=1000 >> euid=1000 tty=:0.0 ruser= rhost= user=joe >> Dec 25 07:49:51 sputnik gnome-screensaver-dialog: >> pam_winbind(gnome-screensaver:auth): getting password (0x00000388) >> Dec 25 07:49:51 sputnik gnome-screensaver-dialog: >> pam_winbind(gnome-screensaver:auth): pam_get_item returned a password >> Dec 25 07:49:51 sputnik gnome-screensaver-dialog: >> pam_winbind(gnome-screensaver:auth): request wbcLogonUser failed: >> WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: >> NT_STATUS_NO_SUCH_USER, Error message was: No such user > > (...) > >> I have no idea of what can I do to solve this. > > Does user "joe" exist in the system? :-? > >> My setup includes winbind authentication. May this be related? > > It can be "indirectly "related but I don't think winbind is generating > those messages by its own... is it possible that the system can be > accessed remotely (by means of VNC, SSH...)? The logs remember me some > kind of password dictionary attack. > > Greetings, > > -- > Camaleón > > > -- > To UNSUBSCRIBE, email to [email protected] > with a subject of "unsubscribe". Trouble? Contact [email protected] > Archive: http://lists.debian.org/[email protected] >
User 'joe' exists as a local user, not as an AD user. This server is accessed by SSH and also using xrdp. My first thoughts were precisely that - an attack. This is my nsswitch.conf file: root@sputnik:~# cat /etc/nsswitch.conf # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. passwd: compat winbind group: compat winbind shadow: compat hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis Best regards, Bruno Martins -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
