
Masses of NT_STATUS_LOGON_FAILURE in syslog



Hello,

I have stumbled across masses of NT_STATUS_* messages in

/var/log# zgrep -c NT_STATUS kern.log* syslog* messages*
kern.log:2753999
kern.log.1.gz:12543123
kern.log.2.gz:1539579
kern.log.3.gz:1032060
kern.log.4.gz:848403
syslog:2753974
syslog.1.gz:1400549
syslog.2.gz:2708699
syslog.3.gz:2709865
syslog.4.gz:2700634
syslog.5.gz:1320486
syslog.6.gz:557527
syslog.7.gz:559671
messages:2753864
messages.1.gz:12543124
messages.2.gz:1539579
messages.3.gz:1032060
messages.4.gz:848403


A random excerpt from kern.log looks like this

Feb  6 07:41:34 host01 kernel: [8380928.017182] Status code returned 0xc000006a NT_STATUS_WRONG_PASSWORD
Feb  6 07:41:34 host01 kernel: [8380928.018720] Status code returned 0xc000006a NT_STATUS_WRONG_PASSWORD
Feb  6 07:41:34 host01 kernel: [8380928.020659] Status code returned 0xc0000071 NT_STATUS_PASSWORD_EXPIRED
Feb  6 07:41:34 host01 kernel: [8380928.021989] Status code returned 0xc0000071 NT_STATUS_PASSWORD_EXPIRED
Feb  6 07:41:34 host01 kernel: [8380928.023680] Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
Feb  6 07:41:34 host01 kernel: [8380928.027834] Status code returned 0xc000006a NT_STATUS_WRONG_PASSWORD
Feb  6 07:41:34 host01 kernel: [8380928.029280] Status code returned 0xc000006a NT_STATUS_WRONG_PASSWORD
Feb  6 07:41:34 host01 kernel: [8380928.030981] Status code returned 0xc000006a NT_STATUS_WRONG_PASSWORD
Feb  6 07:41:34 host01 kernel: [8380928.032680] Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
Feb  6 07:41:34 host01 kernel: [8380928.034390] Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
Feb  6 07:41:34 host01 kernel: [8380928.036305] Status code returned 0xc000006a NT_STATUS_WRONG_PASSWORD
Feb  6 07:41:34 host01 kernel: [8380928.037771] Status code returned 0xc000006a NT_STATUS_WRONG_PASSWORD
Feb  6 07:41:34 host01 kernel: [8380928.043969] Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
Feb  6 07:41:35 host01 kernel: [8380929.059816] Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
Feb  6 07:41:35 host01 kernel: [8380929.059821] cifs_vfs_err: 192 callbacks suppressed
Feb  6 07:41:35 host01 kernel: [8380929.059824] CIFS VFS: Send error in SessSetup = -13
Feb  6 07:41:35 host01 kernel: [8380929.063770] Status code returned 0xc000006a NT_STATUS_WRONG_PASSWORD
Feb  6 07:41:35 host01 kernel: [8380929.063774] CIFS VFS: Send error in SessSetup = -13
Feb  6 07:41:35 host01 kernel: [8380929.066173] Status code returned 0xc000006a NT_STATUS_WRONG_PASSWORD
Feb  6 07:41:35 host01 kernel: [8380929.066178] CIFS VFS: Send error in SessSetup = -13
Feb  6 07:41:35 host01 kernel: [8380929.068088] Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
Feb  6 07:41:35 host01 kernel: [8380929.068092] CIFS VFS: Send error in SessSetup = -13
Feb  6 07:41:35 host01 kernel: [8380929.070766] Status code returned 0xc000006a NT_STATUS_WRONG_PASSWORD
Feb  6 07:41:35 host01 kernel: [8380929.070770] CIFS VFS: Send error in SessSetup = -13
Feb  6 07:41:35 host01 kernel: [8380929.072385] Status code returned 0xc000006a NT_STATUS_WRONG_PASSWORD
Feb  6 07:41:35 host01 kernel: [8380929.072388] CIFS VFS: Send error in SessSetup = -13
Feb  6 07:41:35 host01 kernel: [8380929.074557] Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
Feb  6 07:41:35 host01 kernel: [8380929.074561] CIFS VFS: Send error in SessSetup = -13
Feb  6 07:41:35 host01 kernel: [8380929.078094] Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
Feb  6 07:41:35 host01 kernel: [8380929.078098] CIFS VFS: Send error in SessSetup = -13
Feb  6 07:41:35 host01 kernel: [8380929.081325] Status code returned 0xc000006a NT_STATUS_WRONG_PASSWORD
Feb  6 07:41:35 host01 kernel: [8380929.081336] CIFS VFS: Send error in SessSetup = -13
Feb  6 07:41:35 host01 kernel: [8380929.082832] Status code returned 0xc000006a NT_STATUS_WRONG_PASSWORD
Feb  6 07:41:35 host01 kernel: [8380929.082836] CIFS VFS: Send error in SessSetup = -13
Feb  6 07:41:35 host01 kernel: [8380929.084526] Status code returned 0xc000006a NT_STATUS_WRONG_PASSWORD
Feb  6 07:41:35 host01 kernel: [8380929.086372] Status code returned 0xc000006a NT_STATUS_WRONG_PASSWORD
Feb  6 07:41:35 host01 kernel: [8380929.089115] Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
Feb  6 07:41:35 host01 kernel: [8380929.091242] Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
Feb  6 07:41:35 host01 kernel: [8380929.093428] Status code returned 0xc000006a NT_STATUS_WRONG_PASSWORD
Feb  6 07:41:35 host01 kernel: [8380929.095211] Status code returned 0xc000006a NT_STATUS_WRONG_PASSWORD
Feb  6 07:41:35 host01 kernel: [8380929.097164] Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
Feb  6 07:41:35 host01 kernel: [8380929.099162] Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
Feb  6 07:41:35 host01 kernel: [8380929.100726] Status code returned 0xc000006a NT_STATUS_WRONG_PASSWORD
Feb  6 07:41:35 host01 kernel: [8380929.102397] Status code returned 0xc000006a NT_STATUS_WRONG_PASSWORD
Feb  6 07:41:35 host01 kernel: [8380929.103734] Status code returned 0xc000006a NT_STATUS_WRONG_PASSWORD
Feb  6 07:41:35 host01 kernel: [8380929.105216] Status code returned 0xc000006a NT_STATUS_WRONG_PASSWORD
Feb  6 07:41:35 host01 kernel: [8380929.107034] Status code returned 0xc0000071 NT_STATUS_PASSWORD_EXPIRED
Feb  6 07:41:35 host01 kernel: [8380929.108154] Status code returned 0xc0000071 NT_STATUS_PASSWORD_EXPIRED


The whole thing surely has something to do with Samba somehow, because


/usr/lib $ grep -lR NT_STATUS_LOGON_FAILURE * 2>/dev/null
x86_64-linux-gnu/samba/libauth.so.0
x86_64-linux-gnu/samba/liberrors.so.0



This is a current Debian Jessie that I did not set up myself.  I also
have no idea about Samba or where I would have to look to find the
cause.  Where should I look first to avoid these masses of error
messages (logs grow to 1.5GB)?

Kind regards

       Andreas.

-- 
http://fam-tille.de
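
An added example, not part of the original post: a small triage script for a log like the one quoted above. It groups the NT_STATUS lines by the syslog tag that emitted them, by status code and by second, and adds up the lines the rate limiter dropped; the sample input is copied from the excerpt, and the function name `triage` and the result keys are this example's own.

```python
import re
from collections import Counter

# A few lines copied from the kern.log excerpt in the post above.
SAMPLE = """\
Feb  6 07:41:34 host01 kernel: [8380928.043969] Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
Feb  6 07:41:35 host01 kernel: [8380929.059816] Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
Feb  6 07:41:35 host01 kernel: [8380929.059821] cifs_vfs_err: 192 callbacks suppressed
Feb  6 07:41:35 host01 kernel: [8380929.059824] CIFS VFS: Send error in SessSetup = -13
Feb  6 07:41:35 host01 kernel: [8380929.063770] Status code returned 0xc000006a NT_STATUS_WRONG_PASSWORD
Feb  6 07:41:35 host01 kernel: [8380929.063774] CIFS VFS: Send error in SessSetup = -13
Feb  6 07:41:35 host01 kernel: [8380929.107034] Status code returned 0xc0000071 NT_STATUS_PASSWORD_EXPIRED
"""

# syslog timestamp, host, tag, kernel uptime stamp, message
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) (\S+?): \[\s*(\d+\.\d+)\] (.*)$")
STATUS = re.compile(r"Status code returned (0x[0-9a-f]{8}) (NT_STATUS_\w+)")
SUPPRESSED = re.compile(r"(\w+): (\d+) callbacks suppressed")
SESS = re.compile(r"CIFS VFS: Send error in (\w+) = (-?\d+)")

def triage(text):
    """Summarise NT_STATUS noise: who logs it, which codes, how fast."""
    r = {"sources": Counter(), "status": Counter(), "per_second": Counter(),
         "smb_errors": Counter(), "suppressed": 0}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a kernel-style line with an uptime stamp
        stamp, _host, tag, _uptime, msg = m.groups()
        if (s := STATUS.search(msg)):
            r["sources"][tag] += 1          # which syslog tag emits the code
            r["status"][s.group(2)] += 1    # which NT_STATUS name
            r["per_second"][stamp] += 1     # burst rate
        elif (s := SUPPRESSED.search(msg)):
            r["suppressed"] += int(s.group(2))  # lines the rate limiter dropped
        elif (s := SESS.search(msg)):
            # failing SMB command and errno; -13 is -EACCES
            r["smb_errors"][(s.group(1), int(s.group(2)))] += 1
    return r

if __name__ == "__main__":
    r = triage(SAMPLE)
    print("logged by:", dict(r["sources"]))
    print("status codes:", r["status"].most_common())
    print("peak per second:", r["per_second"].most_common(1))
    print("failing SMB command / errno:", dict(r["smb_errors"]))
    print("suppressed by rate limit:", r["suppressed"])
```

In the excerpt every one of these lines carries the `kernel:` tag and sits next to `CIFS VFS` session-setup errors, so the summary points at the kernel's CIFS client, that is, mounts of SMB shares made from this host, as the component to inspect.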

