[Samba] Samba update cause windows incorrect password

Enrico Morelli morelli at cerm.unifi.it
Fri Apr 24 10:38:59 UTC 2020 

On Thu, 23 Apr 2020 08:08:39 +1200
Andrew Bartlett via samba <samba at lists.samba.org> wrote:

> On Wed, 2020-04-22 at 20:01 +0100, Rowland penny via samba wrote:
> > On 22/04/2020 19:25, Enrico Morelli via samba wrote:  
> > > > On 22/04/2020 16:06, Enrico Morelli via samba wrote:  
> > > > > Dear,
> > > > > 
> > > > > on my debian system I upgraded samba from 4.5.16 to 4.9.5. My
> > > > > samba
> > > > > server is configured as domain controller.
> > > > > 
> > > > > Now happens a strange thing. From a windows 10 client I'm able
> > > > > to login
> > > > > with a domain user without problem. But if I logout and try to
> > > > > enter
> > > > > the password for the same user, Windows tells me that the
> > > > > password is
> > > > > incorrect.
> > > > > 
> > > > > To be able to loing, I've to select Other User, enter username
> > > > > and
> > > > > password and all works fine. But if I logout and enter the
> > > > > same password, Windows tells me "Incorrect password".
> > > > >   
> > 
> > Apart from multiple default lines, there doesn't seem to anything
> > really 
> > wrong with your smb.conf, so it looks like this could be yet
> > another reason to not use Windows 10 with an NT4-style PDC.
> > 
> > You could try raising the log level, add 'log level = 10' to the 
> > smb.conf and restart Samba, but beware, this will lead to a lot of
> > output.  
> 
> Thanks Rowland.  This is the right approach.  Once we get that, we
> should be (even log level 5 would show it) able to work out what
> username form was being sent in both cases, and see if we can map
> between them.
> 
> Andrew Bartlett
> 

I'd set the loglevel to 5 and happens a strange thing:

SAM Logon (Interactive). Domain:[CERMDOMAIN].
User:[visitor2 at STUDENTI2] Requested Domain:[DOMAIN]
[2020/04/24 12:04:50.144675,
5] ../source3/rpc_server/netlogon/srv_netlog_nt.c:1628(_netr_LogonSamLogon_base)
Attempting validation level 3 for unmapped username visitor2.
[2020/04/24 12:04:50.144698,
5] ../source3/auth/auth.c:412(load_auth_module) load_auth_module:
Attempting to find an auth method to match sam_netlogon3 [2020/04/24
12:04:50.144715,  5] ../source3/auth/auth.c:437(load_auth_module)
load_auth_module: auth method sam_netlogon3 has a valid init
[2020/04/24 12:04:50.144729,
5] ../source3/auth/auth.c:412(load_auth_module) load_auth_module:
Attempting to find an auth method to match winbind [2020/04/24
12:04:50.144743,  5] ../source3/auth/auth.c:437(load_auth_module)
load_auth_module: auth method winbind has a valid init [2020/04/24
12:04:50.144894,
5] ../source3/auth/auth_util.c:122(make_user_info_map) Mapping user
[DOMAIN]\[visitor2] from workstation [STUDENTI2] [2020/04/24
12:04:50.144910,  5] ../source3/auth/user_info.c:64(make_user_info)
attempting to make a user_info for visitor2 (visitor2)
[2020/04/24 12:04:50.144962,
3] ../source3/auth/auth.c:189(auth_check_ntlm_password)
check_ntlm_password:  Checking password for unmapped user
[DOMAIN]\[visitor2]@[STUDENTI2] with the new password interface
[2020/04/24 12:04:50.144978,
3] ../source3/auth/auth.c:192(auth_check_ntlm_password)
check_ntlm_password:  mapped user is: [DOMAIN]\[visitor2]@[STUDENTI2]
[2020/04/24 12:04:50.145020,
5] ../source3/auth/auth_sam.c:162(auth_sam_netlogon3_auth)
auth_sam_netlogon3_auth: DOMAIN is not our domain name (DC for
CERMDOMAIN)
2020/04/24 12:04:50.145228,
5] ../source3/auth/auth.c:251(auth_check_ntlm_password)
auth_check_ntlm_password: winbind authentication for user [visitor2]
FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=0 [2020/04/24
12:04:50.145246,
2] ../source3/auth/auth.c:334(auth_check_ntlm_password)
check_ntlm_password:  Authentication for user [visitor2] -> [visitor2]
FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=0 [2020/04/24
12:04:50.145276,
2] ../auth/auth_log.c:610(log_authentication_event_human_readable)
Auth: [SamLogon,(null)] user [DOMAIN]\[visitor2] at [Fri, 24 Apr 2020
12:04:50.145263 CEST] with [Supplied-NT-Hash] status
[NT_STATUS_NO_SUCH_USER] workstation [STUDENTI2] remote host
[ipv4:192.168.100.12:51475] mapped to [DOMAIN]\[visitor2]. local host
[ipv4:192.168.100.27:445] 


Seems like the studenti2 PC is in a wrong domain, but I checked that and
it is on the correct CERMDOMAIN domain.
In the past we had an old samba server that served as DC for DOMAIN
domain. But now, all the machine are configured to use the new domain
and before the update all worked fine.

I'm very confused because this is the behavior of all the windows 10
machines in the domain.

I also tried to remove the studenti2 machine from the domain and
put it again without any result.

-- 
-----------------------------------------------------------
  Enrico Morelli
  System Administrator | Programmer | Web Developer

  CERM - Polo Scientifico
  via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY
------------------------------------------------------------

More information about the samba mailing list