[Samba] Perplexing problem
Ray Klassen
ray.klassen at icloud.com
Wed Nov 1 16:21:55 UTC 2023
to clarify.
Chrony is one of the first things I tried. I got it working (I think),
but it hasn't affected the can't-login-except-after-a-reboot problem.
On Wed, 2023-11-01 at 15:45 +0000, Ray Klassen via samba wrote:
> Sorry. Forgot to mention that. Chrony now installed and configured on
> all DC's per the samba wiki. appears to be working. On Nov. 1, 2023,
> at 12:07 a.m., Peter Milesson via samba <samba at lists.samba.org>
> wrote: On 31.10.2023 21:45, Ray Klassen via samba wrote: 4 DC's Samba
> version 4.19.2 compiled from tarball on Debian 12.2 (have run this
> way always up to date tarballs for maybe 15 years. Wkstations:
> Windows 10 up dated to latest security patches About a week and half
> ago, workstations started fail on login with "Incorrect Password"
> until restarted, sometimes several times after which no problem for
> maybe a few days. (not sure about this, just don't seem to get calls
> right the next day on the same PC.) Remote Desktop also behaves
> peculiarly when workstation is in this state -- a successful
> connection may actually get the user to a log in screen they can't
> get past. Normally Remote Desktop will drop the connection if the
> password fails. This looks like the connection to the machine is
> successful, but the windows session connection fails. If network
> cable is unplugged the PC logs in fine, using the locally cached
> password hash. Log level 255 for an affected PC doesn't look that
> promising. The only thing that looks suspicious are exchanges wh ere
> there's some sort of authentication and the workstation presents its
> IP address as its name. Wireshark traffic of the failing login
> (decoded by use of a DC keytab) reveals a bunch of successful
> requests and responses. No glaring errors. Investigation reveals that
> dynamic DNS updates are not working. I reset allow dns update to
> 'nonsecure' -- no difference. Could this be the cause? Recent changes
> to the system: Upgrade to samba 4.19.2 from 4.19.1 raise
> domain/forest funtional level from 2003 to 2008_r2 (in preparation
> for Entra Cloud software. Better than AD Connect?) Windows service
> packs? Any ideas/pointers appreciated... Hi Ray, Clock
> synchronization? If you have got ntpsec on the DCs, that wont work.
> Must use Chrony. Best regards, Peter -- To unsubscribe from this list
> go to the following URL and read the instructions:
> https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list