Bug#266432: [Logcheck-devel] Bug#266432: logcheck: missing ignore pattern for pam_winbind
maks attems
debian at sternwelten.at
Fri Aug 27 16:15:58 UTC 2004
On Fri, 27 Aug 2004, Sam Snow wrote:
> maks attems said:
> >
> > added in logcheck cvs for workstation level.
> > thanks for your bug-report, you may want to test attached
> > local-winbind in ignore.d.server or ignore.d.workstation
> > on your machine and report back.
> >
> >
>
> Hmmm. The attached match did not work for me; I still received the
> messages. When I shortened the match to just "granted acces$" I was able
> to get a match, so the permissions on my added file were correct for
> logcheck to be able to read and use it. I will look a little more and see
> if I can figure it out.
>
> Again, a sample syslog entry looks like the following:
>
> Aug 27 07:48:38 wardrobe pam_winbind[971]: user 'lisa.snow' granted acces
from adduser source:
"To avoid problems, the username should consist of a letter or
underscore followed by letters, digits, underscores, and dashes. For
compatibility with Samba machine accounts \$ is also supported at the
end of the username."
my regex concerning the username didn't work for this f***ing username
with a dot '.'.
> I also found another message that is probably safe to ignore. This one
> occurs when you have a user who exists on the /etc/passwd side only, but
> does not have a match on the NT/2000 domain with which you are checking
> passwords.
>
> Since winbind checks and is not able to find that user on its side, it
> gives back the following message:
>
> Aug 27 07:48:28 wardrobe pam_winbind[968]: request failed: No such user, PAM error was 10, NT error was NT_STATUS_NO_SUCH_USER
>
> I blocked it by adding NT_STATUS_NO_SUCH_USER$ to the violations.ignore.d
> directory. I suppose a more complete match would be a better practice for
> this one as well.
you may want to try attached local-winbind.
please report back.
--
maks
-------------- next part --------------
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pam_winbind\[[0-9]+\]: user '[._[:alnum:]-]+' granted acces$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pam_winbind\[[0-9]+\]: request failed: No such user, PAM error was [0-9]+, NT error was [_[:alpha:]]+$
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20040827/14760dc1/attachment.pgp
More information about the Logcheck-devel
mailing list