Mark Foley mfoley at ohprs.org
Fri Jan 18 00:22:16 UTC 2019

I'm having a very annoying problem I can't figure out. I've been running Samba4 as our office
AD/DC for several years. This is a recent problem.

Whenever I Remote Desktop into a particular Windows workstation ( I get the
following message in /var/log/samba/log.samba:

  Auth: [Kerberos KDC,ENC-TS Pre-authentication] user [(null)]\[mark at HPRS] at [Thu, 17 Jan 2019 18:43:26.477871 EST] with [arcfour-hmac-md5] status [NT_STATUS_WRONG_PASSWORD] workstation [(null)] remote host [ipv4:] mapped to [HPRS]\[mark]. local host [NULL]

This message repeats in groups of 3 every 5 minutes for as long as I am logged into this
computer.  It does not matter if I am remoting in from another Windows host on the LAN (as
domain user 'mark') or if I am logging from a remote, non-domain computer.  I am not logging
into the target computer as my domain id 'mark'.  When logging in from a LAN workstations, I am
logged into the original workstation as domain user 'mark', but when logging in from a remote
computer I am not user 'mark' on any remote.  I am remote desktopping into the target computer
as the AD Domain Administrator.  So, I don't know where it's getting the "user
[(null)]\[mark at HPRS]" bit from. 

After some period of time (or some number of "wrong password" messages), my account gets locked
out. The next time I try logging in from Remote desktop, or if I try ntlm_auth, I get the
following message:

  auth_check_password_recv: sam authentication for user [HPRS\mark] FAILED with error NT_STATUS_ACCOUNT_LOCKED_OUT, authoritative=1
[2019/01/17 00:24:22.733958,  2] ../auth/auth_log.c:760(log_authentication_event_human_readable)

At this point I have to go into ADUC and disable and re-enable the user account in order to be
able to log back in.

Does anyone have any idea what is going on and how to fix this?

THX --Mark

More information about the samba mailing list