[Samba] RDP user can login as user@samdom.com but not as SAMDOM\user
Alex
peter.alexander99 at gmail.com
Thu Dec 2 23:58:01 UTC 2021
Hi!

I set up an Ubuntu 18.04.6 Samba 4 server on my home network to practice
with Samba / AD management, and I noticed an odd behaviour when trying to
RDP into a domain-joined Win10 Pro computer.

The user is in the computer's Remote Desktop Users group.

If I log in as:

User: samuser
Domain: SAMDOM

or

User: SAMDOM\samuser

I get an invalid password error.

If I log in as samuser@samdom.com, same password, then it works.

I am not sure if this is just a Windows behaviour I've never noticed
before, or maybe an issue in my Samba or Kerberos config files. The issue
is only when logging on via RDP. Locally, I can just log in as "samuser", I
don't need to put samuser@samdom.com in the username field.

I've included a copy of my config files and the relevant Event Viewer error.

Any tips would be appreciated!

Peter

------- smb.conf

[global]
    netbios name = SRV01
    realm = SAMDOM.COM
    server role = active directory domain controller
    server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
    workgroup = SAMDOM
    idmap_ldb:use rfc2307 = yes
    disable netbios = yes

[netlogon]
    path = /var/lib/samba/sysvol/samdom.com/scripts
    read only = No

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No

------ krb5.conf

[libdefaults]
    default_realm = SAMDOM.COM
    dns_lookup_kdc = true
    dns_lookup_realm = false
    # The following krb5.conf variables are only for MIT Kerberos.
    kdc_timesync = 1
    ccache_type = 4
    forwardable = true
    ticket_lifetime = 24h
    proxiable = true
    fcc-mit-ticketflags = true

[logging]
    default = FILE:/var/log/krb5/krb.log
    kdc = FILE:/var/log/krb5/kdc.log
    admin_server = FILE:/var/log/kadmind.log

[realms]
    SAMDOM.COM = {
        admin_server = srv01.samdom.com
        default_domain = samdom.com
        master_kdc = srv01.samdom.com
        kdc = srv01.samdom.com
    }

----- Windows Event Viewer - Security entry for failed RDP

An account failed to log on.

Subject:
    Security ID: NULL SID
    Account Name: -
    Account Domain: -
    Logon ID: 0x0

Logon Type: 3

Account For Which Logon Failed:
    Security ID: NULL SID
    Account Name: samuser
    Account Domain: SAMDOM

Failure Information:
    Failure Reason: Unknown user name or bad password.
    Status: 0xC000006D
    Sub Status: 0xC000006A

Process Information:
    Caller Process ID: 0x0
    Caller Process Name: -

Network Information:
    Workstation Name: DESKTOP-00000
    Source Network Address: 192.168.1.5
    Source Port: 0

Detailed Authentication Information:
    Logon Process: NtLmSsp
    Authentication Package: NTLM
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0
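
Added example, not part of the original message: a small Python triage helper that parses the "Name: value" fields of a failed-logon event like the one above and decodes the NTSTATUS codes, logon type and authentication package. The function names and the lookup tables are this example's own; the event text is a subset of the fields quoted in the message.

```python
import re

# NTSTATUS values that Windows reports in failed-logon (4625) events.
NTSTATUS = {
    0xC000006D: "STATUS_LOGON_FAILURE (bad user name or authentication information)",
    0xC000006A: "STATUS_WRONG_PASSWORD (user name is valid, password is wrong)",
    0xC0000064: "STATUS_NO_SUCH_USER (account does not exist)",
}
LOGON_TYPES = {2: "Interactive", 3: "Network", 10: "RemoteInteractive"}

# Subset of the event fields quoted in the message above.
EVENT = """\
Logon Type: 3
Account Name: samuser
Account Domain: SAMDOM
Status: 0xC000006D
Sub Status: 0xC000006A
Logon Process: NtLmSsp
Authentication Package: NTLM
"""

def parse_event(text):
    """Return {field: value} for each 'Name: value' line; the last occurrence wins,
    so the failed account overrides the empty '-' entries of the Subject section."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+?):\s*(.*\S)\s*$", line)
        if m:  # section headers such as 'Subject:' carry no value and are skipped
            fields[m.group(1)] = m.group(2)
    return fields

def triage(fields):
    """Decode the fields an analyst checks first on a failed logon."""
    status = int(fields["Status"], 16)
    sub = int(fields["Sub Status"], 16)
    return {
        "account": fields["Account Domain"] + "\\" + fields["Account Name"],
        "logon_type": LOGON_TYPES.get(int(fields["Logon Type"]), "other"),
        "status": NTSTATUS.get(status, hex(status)),
        "sub_status": NTSTATUS.get(sub, hex(sub)),
        # True when the failing attempt was NTLM rather than Kerberos
        "used_ntlm": fields["Authentication Package"].upper() == "NTLM",
    }

if __name__ == "__main__":
    for key, value in triage(parse_event(EVENT)).items():
        print(f"{key}: {value}")
```

For this event the helper reports a Network (type 3) logon for SAMDOM\samuser that was attempted over NTLM and rejected with STATUS_WRONG_PASSWORD.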