[Samba] windows workstations needing reboot to validate passwords. --ADDENDUM
james.atwell365 at gmail.com
james.atwell365 at gmail.com
Mon Nov 20 18:43:33 UTC 2023
> -----Original Message-----
> From: samba <samba-bounces at lists.samba.org> On Behalf Of Ray Klassen via
> samba
> Sent: Monday, November 20, 2023 1:09 PM
> To: samba at lists.samba.org
> Subject: Re: [Samba] windows workstations needing reboot to validate
> passwords. --ADDENDUM
>
> Audit logging has been a bust. The failed attempt by the workstation to
> validate the password does not show up in the logs.
>
>
> On Thu, 2023-11-16 at 10:38 -0800, Ray Klassen via samba wrote:
> > Thank you for the suggestion. Audit logging enabled.
> >
> > On Thu, 2023-11-16 at 13:27 -0500, James Atwell via samba wrote:
> > > Have you setup Samba audit logging? This may aid in your efforts to
> > > see the reasons for not authenticating from the servers perspective.
> > >
> > > https://wiki.samba.org/index.php/Setting_up_Audit_Logging
> > >
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: samba <samba-bounces at lists.samba.org> On Behalf Of Ray Klassen
> > > via samba
> > > Sent: Thursday, November 16, 2023 1:11 PM
> > > To: samba at lists.samba.org
> > > Subject: [Samba] windows workstations needing reboot to validate
> > > passwords. --ADDENDUM
> > >
> > > I am (earlier reported under the subject "Peculiar Problem") having
> > > an issue that started several weeks ago, where windows (10 pro,
> > > server
> > > 2019) computers randomly get into a state where they refuse to
> > > validate passwords. Rebooting (sometimes several times) makes the
> > > problem go away. You can also log in if you disconnect the PC from
> > > the network and then reconnect.
> > >
> > > List of changes around the time it started.
> > >
> > > Samba upgrade to 4.19.2
> > > Samba schema upgrade to 2012_R2 functional level Samba upgrade to
> > > 2008 functional level
> > >
> > > List of measures taken (hoping that if best practises are not being
> > > observed, implementing them will fix things!!)
> > >
> > > Moved DNS from SAMBA_INTERNAL to BIND_DLZ Moved ntp from ntpsec
> to
> > > chrony
> > >
> > > Diagnostic steps
> > >
> > > Packet dumps (decoded with keytab) and loglevel 255 show no glaring
> > > issues or errors.
> > >
> > > Going to try restarting all of the DC's next time it happens to
> > > determine if the miscommunication originates with windows or samba.
> > >
> > > Windows Eventviewer lists failure as Event ID 4625 Status 0xC000006D
> > > Sub Status 0x0 Failure reason %%2304
> > >
> > >
> > > Any other suggestions welcome!!
> > >
> > >
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions: https://lists.samba.org/mailman/options/samba
> > >
> > >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
You mentioned restarting all your DC's. I assume you have more than 1 DC and enabled audit logging on all your DC's. I also assume you verified on all DC's the logs do not exist if enabled on all?
More information about the samba
mailing list