[Samba] Intermittent Authentication Errors

Matthew Delfino mdelfino.list.samba at KNOCKinc.com
Tue Sep 18 17:19:35 UTC 2018

Hello Samba People,

We have a Kerio Connect (email) server using Samba 4.8.5 as it’s directory service (3 AD DCs). We’ve been using this setup for about 3 years now.

Over the last several months, we’ve been trying to find out why Samba starts rejecting attempts that the Kerio Connect mail server makes to authenticate our users. The errors in Kerio look like this:

Authentication failed for user joe.schmoe at domain.com. Attempt from IP address External authentication service rejected authentication due to invalid password or authentication restriction.

This will repeat about 40 times for 40 different users over the course of, say 5 minutes or as long as 20 minutes (in which case, it might affect all 130 users). Then, it just stops.

Now, this could be Kerio’s fault. So, I’m exploring all my options. A Kerio Connect server sends a lot of authentication requests per minute - like, sometimes 100 to 140. But I was wondering if anyone knows of any configuration settings I might be able to tweak on my DCs to make them more welcoming of rapid authentication requests?

Thank you!

© 2018 KNOCK, inc. All rights reserved. KNOCK is a registered trademark of KNOCK, inc. This message and any attachments contain information, which is confidential and/or privileged. If you are not the intended recipient, please refrain from any disclosure, copying, distribution or use of this information. Please be aware that such actions are prohibited. If you have received this transmission in error, kindly notify the sender by e-mail. Your cooperation is appreciated.

More information about the samba mailing list