[Samba] invalid NTLMSSP_MIC / SPNEGO login failed: NT_STATUS_INVALID_PARAMETER
Boris S.
ml16 at bst.myftp.info
Mon Oct 24 17:03:42 UTC 2016
Hello,

Since I upgraded my NT4 domain from Samba 4.2.11 to 4.2.14, I can no longer
authenticate when I access any share.
After that I even upgraded to Samba 4.4.5, but I still get the same error:
[2016/10/15 04:42:19.786198, 2] ../source3/auth/auth.c:305(auth_check_ntlm_password)
  check_ntlm_password: authentication for user [xx] -> [xx] -> [xx] succeeded
[2016/10/15 04:42:19.789933, 1] ../auth/ntlmssp/ntlmssp_server.c:950(ntlmssp_server_postauth)
  ntlmssp_server_postauth: invalid NTLMSSP_MIC for user=[xx] domain=[XXXXXXX] workstation=[XXXXX]
[2016/10/15 04:42:19.789982, 1] ../lib/util/util.c:559(dump_data)
  [0000] 97 BD D0 A6 D7 16 E4 0A 59 33 62 ED CC 6A 35 04 ........ Y3b..j5.
[2016/10/15 04:42:19.790035, 1] ../lib/util/util.c:559(dump_data)
  [0000] F2 85 BB 00 46 11 89 C4 84 E3 2C 4C 5D FA F4 6A ....F... ..,L]..j
[2016/10/15 04:42:19.790095, 2] ../auth/gensec/spnego.c:716(gensec_spnego_server_negTokenTarg)
  SPNEGO login failed: NT_STATUS_INVALID_PARAMETER
Server: FreeBSD 10.3/64 bit
Clients: Windows 7 64bit
When I downgrade to 4.2.11 everything works again.
An upgrade to DC is currently not an option so I need to stick to NT4
PDC for a while.
I duplicated the whole server to a VM, so I could test anything and
wouldn't harm the production server.
Any idea what might be the cause?
Do you need more information?
My smb.conf:
[global]
workgroup = XXXXXXX
netbios name = SERVER
unix password sync = false
max log size = 100
unix extensions = no
log level = 2 vfs:2
map to guest = Bad User
server max protocol = smb2
server min protocol = smb2
passdb backend = tdbsam
unix charset = ISO8859-1
dos charset = CP1252
bind interfaces only = yes
hosts allow = 192.168.255. 127.
acl allow execute always = True
load printers = no
log file = /var/log/samba4/log.%m
log level = 2
security = user
encrypt passwords = yes
interfaces = em0, lo0
local master = yes
os level = 65
domain master = yes
preferred master = yes
domain logons = yes
wins support = yes
wins proxy = yes
dns proxy = no