rpenny at samba.org
Sat Jan 19 19:03:58 UTC 2019
On Sat, 19 Jan 2019 13:37:18 -0500
Mark Foley via samba <samba at lists.samba.org> wrote:
> I sure could use some help on this. Perhaps this problem is due to a
> recent Windows update?
> I have determined that whenever I log into the Windows 7 host
> DBSERVER from any other Windows 7 computer, whether it be a local
> domain workstation or an external computer, and regarless of whether
> the client workstation is logged in as 'mark' or any other user, I
> have the lockout problem.
> As soon as I log into Windows 7 host dbserver as the domain
> administrator I immediately see series 10 to 15 of the following
> log.samba messages:
> Auth: [Kerberos KDC,ENC-TS Pre-authentication] user
> [(null)]\[mark at HPRS] at [Sat, 19 Jan 2019 12:18:27.881822 EST] with
> [arcfour-hmac-md5] status [NT_STATUS_WRONG_PASSWORD] workstation
> [(null)] remote host [ipv4:192.168.0.4:53914] mapped to
> [HPRS]\[mark]. local host [NULL]
> Then, if I try to log into ANY domain member as user 'mark' I cannot
> and the log.samba has:
> auth_check_password_recv: sam authentication for user [HPRS\mark]
> FAILED with error NT_STATUS_ACCOUNT_LOCKED_OUT, authoritative=1 Auth:
> [SamLogon,network] user [HPRS]\[mark] at [Sat, 19 Jan 2019
> 12:28:06.590937 EST] with [NTLMv2] status
> [NT_STATUS_ACCOUNT_LOCKED_OUT] workstation [WIN7VM] remote host
> [ipv4:192.168.0.4:54336] mapped to [HPRS]\[mark]. local host
> [ipv4:192.168.0.2:49153] NETLOGON computer [DBSERVER] trust account
> The administrator user does not map any drives or otherwise seem to
> run anything as user 'mark'.
> I cannot figure out why something is trying to login/connect as user
> 'mark' with an invalid password even when logging in as the
> administrator, not 'mark'.
> Furthermore, when I do actually log into this computer as 'mark' and
> enter the correct PW, it works fine, no Auth errors.
> Could someone point me in the right direction for research?
If this is only happening with one PC, then you need to check that PC.
It looks like something is trying to do something it probably
shouldn't, I take it you have a run a deep virus scan ?
More information about the samba