[Samba] windows workstations needing reboot to validate passwords. --ADDENDUM

Ray Klassen ray.klassen at icloud.com
Mon Nov 20 19:09:35 UTC 2023



On Mon, 2023-11-20 at 13:43 -0500, James Atwell via samba wrote:
> 
> 
> > -----Original Message-----
> > From: samba <samba-bounces at lists.samba.org> On Behalf Of Ray
> > Klassen via
> > samba
> > Sent: Monday, November 20, 2023 1:09 PM
> > To: samba at lists.samba.org
> > Subject: Re: [Samba] windows workstations needing reboot to
> > validate
> > passwords. --ADDENDUM
> > 
> > Audit logging has been a bust. The failed attempt by the
> > workstation to
> > validate the password does not show up in the logs.
> > 
> > 
> > On Thu, 2023-11-16 at 10:38 -0800, Ray Klassen via samba wrote:
> > > Thank you for the suggestion. Audit logging enabled.
> > > 
> > > On Thu, 2023-11-16 at 13:27 -0500, James Atwell via samba wrote:
> > > > Have you setup Samba audit logging? This may aid in your
> > > > efforts to
> > > > see the reasons for not authenticating from the servers
> > > > perspective.
> > > > 
> > > > https://wiki.samba.org/index.php/Setting_up_Audit_Logging
> > > > 
> > > > 
> > > > 
> > > > 
> > > > -----Original Message-----
> > > > From: samba <samba-bounces at lists.samba.org> On Behalf Of Ray
> > > > Klassen
> > > > via samba
> > > > Sent: Thursday, November 16, 2023 1:11 PM
> > > > To: samba at lists.samba.org
> > > > Subject: [Samba] windows workstations needing reboot to
> > > > validate
> > > > passwords. --ADDENDUM
> > > > 
> > > > I am (earlier reported under the subject "Peculiar Problem")
> > > > having
> > > > an issue that started several weeks ago, where windows (10 pro,
> > > > server
> > > > 2019) computers randomly get into a state where they refuse to
> > > > validate passwords. Rebooting (sometimes several times) makes
> > > > the
> > > > problem go away. You can also log in if you disconnect the PC
> > > > from
> > > > the network and then reconnect.
> > > > 
> > > > List of changes around the time it started.
> > > > 
> > > > Samba upgrade to 4.19.2
> > > > Samba schema upgrade to 2012_R2 functional level Samba upgrade
> > > > to
> > > > 2008 functional level
> > > > 
> > > > List of measures taken (hoping that if best practises are not
> > > > being
> > > > observed, implementing them will fix things!!)
> > > > 
> > > > Moved DNS from SAMBA_INTERNAL to BIND_DLZ Moved ntp from ntpsec
> > to
> > > > chrony
> > > > 
> > > > Diagnostic steps
> > > > 
> > > > Packet dumps (decoded with keytab) and loglevel 255 show no
> > > > glaring
> > > > issues or errors.
> > > > 
> > > > Going to try restarting all of the DC's next time it happens to
> > > > determine if the miscommunication originates with windows or
> > > > samba.
> > > > 
> > > > Windows Eventviewer lists failure as Event ID 4625 Status
> > > > 0xC000006D
> > > > Sub Status 0x0 Failure reason %%2304
> > > > 
> > > > 
> > > > Any other suggestions welcome!!
> > > > 
> > > > 
> > > > 
> > > > --
> > > > To unsubscribe from this list go to the following URL and read
> > > > the
> > > > instructions:  https://lists.samba.org/mailman/options/samba
> > > > 
> > > > 
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> 
> You mentioned restarting all your DC's. I assume you have more than 1
> DC and enabled audit logging on all your DC's. I also assume you
> verified on all DC's the logs do not exist if enabled on all?
> 
> 
> I have 4 DC's. I've got auditing enabled on all of them. And seeing
> audit entries on all of them regarding other traffic. The wkstation
> that misbehaved this morning shows entries on some of them over the
> weekend 'NT_STATUS_OK'and earlier. It looks like it doing a machine
> password update.
> 
> 
> 
> 


More information about the samba mailing list