mfoley at ohprs.org
Fri Jan 18 00:22:16 UTC 2019
I'm having a very annoying problem I can't figure out. I've been running Samba4 as our office
AD/DC for several years. This is a recent problem.
Whenever I Remote Desktop into a particular Windows workstation (192.168.0.4) I get the
following message in /var/log/samba/log.samba:
Auth: [Kerberos KDC,ENC-TS Pre-authentication] user [(null)]\[mark at HPRS] at [Thu, 17 Jan 2019 18:43:26.477871 EST] with [arcfour-hmac-md5] status [NT_STATUS_WRONG_PASSWORD] workstation [(null)] remote host [ipv4:192.168.0.4:54315] mapped to [HPRS]\[mark]. local host [NULL]
This message repeats in groups of 3 every 5 minutes for as long as I am logged into this
computer. It does not matter if I am remoting in from another Windows host on the LAN (as
domain user 'mark') or if I am logging from a remote, non-domain computer. I am not logging
into the target computer as my domain id 'mark'. When logging in from a LAN workstations, I am
logged into the original workstation as domain user 'mark', but when logging in from a remote
computer I am not user 'mark' on any remote. I am remote desktopping into the target computer
as the AD Domain Administrator. So, I don't know where it's getting the "user
[(null)]\[mark at HPRS]" bit from.
After some period of time (or some number of "wrong password" messages), my account gets locked
out. The next time I try logging in from Remote desktop, or if I try ntlm_auth, I get the
auth_check_password_recv: sam authentication for user [HPRS\mark] FAILED with error NT_STATUS_ACCOUNT_LOCKED_OUT, authoritative=1
[2019/01/17 00:24:22.733958, 2] ../auth/auth_log.c:760(log_authentication_event_human_readable)
At this point I have to go into ADUC and disable and re-enable the user account in order to be
able to log back in.
Does anyone have any idea what is going on and how to fix this?
More information about the samba