[Samba] unknown authentification failure - Samba 4.0.1 pdc
Rowland Penny
rowlandpenny at googlemail.com
Mon Oct 28 12:42:35 MDT 2013
On 28/10/13 18:18, bugblatterbeast wrote:
> Am 28.10.2013 18:30, schrieb Rowland Penny:
>> On 28/10/13 17:03, bugblatterbeast wrote:
>>> Am 28.10.2013 17:08, schrieb Rowland Penny:
>>>> On 28/10/13 15:36, bugblatterbeast wrote:
>>>>> I've just found something in a logfile named "log.%m" (usually the
>>>>> name of the machine is filled in):
>>>>>
>>>>> [2013/10/28 14:46:19, 0]
>>>>> ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet)
>>>>> NTLMSSP NTLM2 packet check failed due to invalid signature!
>>>>> [2013/10/28 14:47:38, 0]
>>>>> ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet)
>>>>> NTLMSSP NTLM2 packet check failed due to invalid signature!
>>>>> [2013/10/28 14:47:48, 0]
>>>>> ../source4/rpc_server/drsuapi/writespn.c:237(dcesrv_drsuapi_DsWriteAccountSpn)
>>>>> Failed to modify SPNs on
>>>>> CN=COMPUTERNAME,CN=Computers,DC=DOMAINNAME,DC=local: error in
>>>>> module acl: Constraint violation (19)
>>>>>
>>>>> This seems to be important... but I still don't understand what it
>>>>> means and how I can fix it.
>>>>>
>>>>>
>>>>>
>>>>> Am 28.10.2013 15:26, schrieb bugblatterbeast:
>>>>>> Hi,
>>>>>>
>>>>>>
>>>>>> one of our clients can't connect to the pdc anymore. All
>>>>>> attempts lead to an error-message about the wrong username or
>>>>>> password. We've tried several user-accounts and it's always the
>>>>>> same...
>>>>>>
>>>>>> any username like "domainname\domainuser" with password always
>>>>>> fails without delay. Either when trying to log on to the
>>>>>> workstation, or when connecting to a samba share on the
>>>>>> domain-controller (like "\\domaincontroller\share").
>>>>>>
>>>>>> Now, when we log in as a local user and try to connect to a samba
>>>>>> share on the domain-controller using the WRONG username
>>>>>> "computername\domainuser" with the NOT MATCHING password of the
>>>>>> domainuser it works!!!!! We can not only connect to a samba share
>>>>>> but also join or leave the domain. However it's still impossible
>>>>>> to logon to the workstation that way...
>>>>>>
>>>>>> We've also changed the ip-address and the netbios-name of the
>>>>>> computer and deleted the computer's domain-account... several
>>>>>> times without any success.
>>>>>>
>>>>>> The most disappointing thing is, that I can't find any
>>>>>> log-entries on the domain controller. I've already activated
>>>>>> machine-logs, but there's nothing helpful to be found in
>>>>>> /var/log/samba.
>>>>>>
>>>>>>
>>>>>> Thanks in advance, bbb
>>>>>
>>>> Hi, it might help if you opened another post rather than jumping
>>>> into the middle of a discussion, also a lot more info is going to
>>>> be needed. i.e. what version(s) of samba are you running, what OS's
>>>> are you using, smb.conf etc.
>>>>
>>>> Rowland
>>>
>>> Sorry Rowland, I don't understand your complaint. How would I open a
>>> thread in a mailing list??? I've already wrote that I'm using 4.0.1
>>> and the smb.conf is quite irrelevant to this problem... still, if
>>> you think you can help and need any particular information, just ask
>>> for it...
>>
>> How to open a thread 101
>>
>> open your email client
>> start a new email
>> enter in the To: box the samba list address
>> then think of a subject relevant to your samba problem and enter this
>> into the Subject box
>> enter, into the email, all relevant info about your problem
>> click the send button
>>
>> If you do all of the above and do not just reply to another message,
>> you will have opened a NEW topic
>>
>> Also, I thought I did ask for more info!
>>
>> Rowland
>>>
>>> @all:
>>>
>>> I've found the bug 9316 (reported by Marc Muehlfeld an assigned to
>>> Andrew Bartlett) and this post from december 2012 with the
>>> statement: "/... it is a known issue. We have a set of patches, but
>>> they need much more work before we can fix that. It happens when
>>> the client is trying to change only the case of the
>>> servicePrincipalName over DRS./"
>>> (https://lists.samba.org/archive/samba/2012-December/170558.html)
>>>
>>> Is there any workaround or perhaps a way to reset those
>>> servicePrincipalNames??? I've already tried the Microsoft
>>> suggestion, to suppress the extended protection.
>>>
>>> Thanks in advance, bbb
>>
>
> @rowland:
>
> I did reply to my own post as you might have noticed. Please mind you
> manners or stop answering to my posts, if you be so kind. I really
> don't need the nagging of some cranky wannabe-expert.
AAAGGH, terribly sorry and you are correct, Thunderbird 24 added your
post as a thread of a previous topic 'How samba is working on
DC/member', so on that point again I apologise.
Rowland
>
> @Mr. Muehlfeld:
>
> I'm sorry, to bother you. Do you by chance remember how you solved
> this problem 10 month ago? It would be a grat help.
>
> @all:
>
> By the way, I'm out of the office now. If anybody else thinks, that my
> standard smb.conf or anything else could help solving this particular
> problem, I'd gladly post it tomorrow.
>
>
> Thanks in advance, bbb
More information about the samba
mailing list