[Samba] NT_STATUS_ACCOUNT_LOCKED_OUT
Mark Foley
mfoley at ohprs.org
Sat Jan 19 21:26:21 UTC 2019
On Sun, 20 Jan 2019 08:06:26 +1300 Andrew Bartlett wrote:
>
> On Sat, 2019-01-19 at 13:37 -0500, Mark Foley via samba wrote:
> > I sure could use some help on this. Perhaps this problem is due to a
> > recent Windows update?
> >
> > Furthermore, when I do actually log into this computer as 'mark' and
> > enter the correct PW, it
> > works fine, no Auth errors.
> >
> > Could someone point me in the right direction for research?
>
> Turn up the Samba log level further so you get the Kerberos: messages
> from the internal Heimdal KDC. That may help us see what is going
> wrong.
>
> Andrew Bartlett
> --
Andrew, added kerberos:10 to samba Log Level. Got the following:
[2019/01/19 16:12:48.582972, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: AS-REQ mark at HPRS from ipv4:192.168.0.4:63581 for krbtgt/HPRS at HPRS
[2019/01/19 16:12:48.584099, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Client sent patypes: encrypted-timestamp, 128
[2019/01/19 16:12:48.584109, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Looking for PKINIT pa-data -- mark at HPRS
[2019/01/19 16:12:48.584113, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Client (mark at HPRS) is locked out
I've not seen the syntax mark at OHPRS before. Is this legit? Normally, I see HPRS\mark where
HPRS is the domain (hprs.local) and mark is the user.
Does this provide some clues? Is something messed up with my kerberos settings?
--Mark
More information about the samba
mailing list