Hi,

I was checking my samba log files and there are a number of log files like "albert.log", when I open this file I see this :

[2002/11/19 12:18:57, 1] smbd/password.cass_check_smb(497)
Couldn't find user 'ops2' in UNIX password database.
[2002/11/19 12:18:57, 1] smbd/password.cass_check_smb(497)
Couldn't find user 'ops2' in UNIX password database.
[2002/11/19 12:18:57, 1] smbd/reply.c:reply_sesssetup_and_X(927)
Rejecting user 'ops2': authentication failed
[2002/11/19 14:22:53, 1] smbd/password.cass_check_smb(497)
Couldn't find user 'ops2' in UNIX password database.
[2002/11/19 14:22:53, 1] smbd/password.cass_check_smb(497)
Couldn't find user 'ops2' in UNIX password database.
[2002/11/19 14:22:53, 1] smbd/reply.c:reply_sesssetup_and_X(927)
Rejecting user 'ops2': authentication failed

Is this an indication that this guy was trying to break into my workgroup?.

I work in a place where my network it's connected to a windows domain, so people in other departments can see my group and and see the machines in it, but can not browse any of the pcs in my department.

What do you make of this?

Thanks

It's a login attempt (for now). The names like "albert".log should correllate with how samba is configured to handle lognames using "%L" or "%U".

With "login attempt" I mean I only see 2 login attempts with a 2hr+ interval on the same day using the same username. Try to match the log/login names to system names and user names in your domain. If nothing/no one matches and/or your server doesn't expose shares, *then* you can say it's a possible attempt to break in, AFAIK but then again I'm not a Samba expert...