Samba and Win2k

Andrew Galdes AGaldes at elders.com.au
Wed May 7 13:09:00 CST 2003


Richard,

> If it is happening every 30 seconds, it should not be too 
> hard to grab a 
> capture with Ethereal and see what is happening.

Its not every 30 seconds. Its a very busy network also. Very hard to capture such action but its possible.

> 'nobody' is used on the Samba side if an anonymous login has 
> been tried 

There shouldn't be any anonymous action (unless it's a windows thing to do so) because all systems are win2k (part of the domain) and therefor logged in.

I did a test which involved browsing a share on the samba server from my win2k client. Three sessions were reported by smbstatus. The first was me doing an IPC$ call, the second was me connecting to the share, and the third was 'nobody' doing an IPC$ also. I didn't compare this to the NT logs. (Didnt have access to it.)

Woud you think that this is the problem or should i be looking elsewhere? The problem being that NT logs 'invalid password errors' "about" every 30 seconds...

AG.
Thanks so far...

-- 
LinuxSA WWW: http://www.linuxsa.org.au/ IRC: #linuxsa on irc.freenode.net
To unsubscribe from the LinuxSA list:
  mail linuxsa-request at linuxsa.org.au with "unsubscribe" as the subject



More information about the linuxsa mailing list