[Samba] Failed auth attempt I don't understand.
karel.de.macil at free.fr
Thu Oct 1 17:09:36 UTC 2020
Hi all,
when I try to authenticate against my AD (rdesktop authentication) I get
a wrong password/logname message despite my logname and password
being exact. In the log I have the following.
Nothing looks wrong to me.
The only strange thing is the:
stream_terminate_connection:
Terminating connection - 'kdc_tcp_call_loop:
tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
line, in particular the second one, because just after it things seem to continue
with the:
Kerberos: TGS-REQ Administrator at LOCAL.MYDOMAIN from
ipv4:192.168.1.23:62418 for host/vr083023.LOCAL.MYDOMAIN at LOCAL.MYDOMAIN
[canonicalize, renewable, forwardable]
line.
Can anyone with more knowledge than me have a look at the log and tell
me if they see anything wrong?
By the way, under Debian bullseye I can't seem to find any way to
get the full Samba log.
Despite this line:
log level = 6;
in my conf, I can't seem to obtain the same level of logging I get by running:
samba -i -d 6 --debug-stderr
If anyone knows why, and how I can get my log to this level without
launching Samba in interactive mode, I'm very interested.
Best regards
Kerberos: AS-REQ administrator at LOCAL.MYDOMAIN from
ipv4:192.168.1.23:62416 for krbtgt/LOCAL.MYDOMAIN at LOCAL.MYDOMAIN
gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
Kerberos: Client sent patypes: 128
Kerberos: Looking for PKINIT pa-data -- administrator at LOCAL.MYDOMAIN
Kerberos: Looking for ENC-TS pa-data -- administrator at LOCAL.MYDOMAIN
Kerberos: No preauth found, returning PREAUTH-REQUIRED --
administrator at LOCAL.MYDOMAIN
stream_terminate_connection: Terminating connection -
'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED'
Kerberos: AS-REQ administrator at LOCAL.MYDOMAIN from
ipv4:192.168.1.23:62417 for krbtgt/LOCAL.MYDOMAIN at LOCAL.MYDOMAIN
gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
Kerberos: Client sent patypes: encrypted-timestamp, 128
Kerberos: Looking for PKINIT pa-data -- administrator at LOCAL.MYDOMAIN
Kerberos: Looking for ENC-TS pa-data -- administrator at LOCAL.MYDOMAIN
Kerberos: ENC-TS Pre-authentication succeeded --
administrator at LOCAL.MYDOMAIN using arcfour-hmac-md5
Auth: [Kerberos KDC,ENC-TS Pre-authentication] user
[(null)]\[administrator at LOCAL.MYDOMAIN] at [Thu, 01 Oct 2020
17:54:36.401984 CEST] with [arcfour-hmac-md5] status [NT_STATUS_OK]
workstation [(null)] remote host [ipv4:192.168.1.23:62417] became
[local]\[Administrator] [S-1-5-21-2718981395-2814295682-4030710678-500].
local host [NULL]
{"timestamp": "2020-10-01T17:54:36.402248+0200", "type":
"Authentication", "Authentication": {"version": {"major": 1, "minor":
2}, "eventId": 4624, "logonId": "28970a9c6c2edc2a", "logonType": 3,
"status": "NT_STATUS_OK", "localAddress": null, "remoteAddress":
"ipv4:192.168.1.23:62417", "serviceDescription": "Kerberos KDC",
"authDescription": "ENC-TS Pre-authentication", "clientDomain": null,
"clientAccount": "administrator at LOCAL.MYDOMAIN", "workstation": null,
"becameAccount": "Administrator", "becameDomain": "local", "becameSid":
"S-1-5-21-2718981395-2814295682-4030710678-500", "mappedAccount":
"Administrator", "mappedDomain": "local", "netlogonComputer": null,
"netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null,
"passwordType": "arcfour-hmac-md5", "duration": 7783}}
authsam_account_ok: Checking SMB password for user
administrator at LOCAL.MYDOMAIN
logon_hours_ok: No hours restrictions for user
administrator at LOCAL.MYDOMAIN
lastLogonTimestamp is 132456356073698900
sync interval is 14
randomised sync interval is 12 (-2)
old timestamp is 132456356073698900, threshold 132450044764030630, diff
6311309668270
DSDB Change [Modify] at [Thu, 01 Oct 2020 17:54:36.406688 CEST] status
[Success] remote host [Unknown] SID [S-1-5-18] DN
[CN=Administrator,CN=Users,DC=local,DC=MYDOMAIN] attributes [replace:
lastLogon [132460412764030630] replace: logonCount [19748]]
{"timestamp": "2020-10-01T17:54:36.406926+0200", "type": "dsdbChange",
"dsdbChange": {"version": {"major": 1, "minor": 0}, "statusCode": 0,
"status": "Success", "operation": "Modify", "remoteAddress": null,
"performedAsSystem": false, "userSid": "S-1-5-18", "dn":
"CN=Administrator,CN=Users,DC=local,DC=MYDOMAIN", "transactionId":
"e1cf2141-8bf3-4100-bec6-d5be17915e3b", "sessionId":
"2a7c4038-b378-4335-a7ad-81a8d8999bf4", "attributes": {"lastLogon":
{"actions": [{"action": "replace", "values": [{"value":
"132460412764030630"}]}]}, "logonCount": {"actions": [{"action":
"replace", "values": [{"value": "19748"}]}]}}}}
gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
Kerberos: AS-REQ authtime: 2020-10-01T17:54:36 starttime: unset endtime:
2020-10-02T03:54:36 renew till: 2020-10-08T17:54:36
Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96,
aes128-cts-hmac-sha1-96, arcfour-hmac-md5, 24, -135, 3, using
arcfour-hmac-md5/arcfour-hmac-md5
Kerberos: Requested flags: renewable-ok, canonicalize, renewable,
forwardable
stream_terminate_connection: Terminating connection -
'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED'
gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
Kerberos: TGS-REQ Administrator at LOCAL.MYDOMAIN from
ipv4:192.168.1.23:62418 for host/vr083023.LOCAL.MYDOMAIN at LOCAL.MYDOMAIN
[canonicalize, renewable, forwardable]
gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
Kerberos: TGS-REQ authtime: 2020-10-01T17:54:36 starttime:
2020-10-01T17:54:36 endtime: 2020-10-02T03:54:36 renew till:
2020-10-08T17:54:36
stream_terminate_connection: Terminating connection -
'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED'
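
An added example, not part of the original post and not Samba code: a small Python triage script that groups the KDC lines of a log like the one above by request, records what the KDC logged for each, and flags deprecated encryption types such as the arcfour-hmac-md5 seen here. The function name `summarize` and the event labels are assumptions of this sketch; the sample lines are taken from the posted log and re-joined where the mail wrapped them.

```python
import re

# Sample: lines from the posted log, re-joined where the mail wrapped them.
# The list archive rewrites "@" as " at "; the patterns accept both forms.
SAMPLE = """\
Kerberos: AS-REQ administrator at LOCAL.MYDOMAIN from ipv4:192.168.1.23:62416 for krbtgt/LOCAL.MYDOMAIN at LOCAL.MYDOMAIN
Kerberos: No preauth found, returning PREAUTH-REQUIRED -- administrator at LOCAL.MYDOMAIN
stream_terminate_connection: Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
Kerberos: AS-REQ administrator at LOCAL.MYDOMAIN from ipv4:192.168.1.23:62417 for krbtgt/LOCAL.MYDOMAIN at LOCAL.MYDOMAIN
Kerberos: ENC-TS Pre-authentication succeeded -- administrator at LOCAL.MYDOMAIN using arcfour-hmac-md5
Kerberos: AS-REQ authtime: 2020-10-01T17:54:36 starttime: unset endtime: 2020-10-02T03:54:36 renew till: 2020-10-08T17:54:36
stream_terminate_connection: Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
Kerberos: TGS-REQ Administrator at LOCAL.MYDOMAIN from ipv4:192.168.1.23:62418 for host/vr083023.LOCAL.MYDOMAIN at LOCAL.MYDOMAIN [canonicalize, renewable, forwardable]
Kerberos: TGS-REQ authtime: 2020-10-01T17:54:36 starttime: 2020-10-01T17:54:36 endtime: 2020-10-02T03:54:36 renew till: 2020-10-08T17:54:36
stream_terminate_connection: Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
"""

AT = r"(?:@| at )"
REQ = re.compile(rf"Kerberos: (AS-REQ|TGS-REQ) (\S+){AT}(\S+) from (\S+) for (\S+?){AT}(\S+)")
PREAUTH_OK = re.compile(r"Pre-authentication succeeded -- .* using (\S+)")
TIMES = re.compile(r"Kerberos: (?:AS|TGS)-REQ authtime:")
# RC4 is deprecated for Kerberos by RFC 8429, single DES by RFC 6649.
WEAK = {"arcfour-hmac-md5", "des-cbc-crc", "des-cbc-md5"}

def summarize(log):
    """Attach each follow-up line to the latest request (assumes one client, no interleaving)."""
    reqs = []
    for line in log.splitlines():
        m = REQ.search(line)
        if m:
            reqs.append({"type": m[1], "client": m[2], "peer": m[4],
                         "service": m[5], "events": [], "weak_enctype": None})
            continue
        if not reqs:
            continue  # nothing to attach this line to yet
        cur = reqs[-1]
        if "returning PREAUTH-REQUIRED" in line:
            cur["events"].append("preauth-required")
        elif (ok := PREAUTH_OK.search(line)):
            cur["events"].append("preauth-ok")
            cur["weak_enctype"] = ok[1] if ok[1] in WEAK else None
        elif TIMES.search(line):
            cur["events"].append("authtime-logged")
        elif "NT_STATUS_CONNECTION_DISCONNECTED" in line:
            cur["events"].append("tcp-disconnected")
    return reqs

if __name__ == "__main__":
    for r in summarize(SAMPLE):
        print(r["type"], r["peer"], r["service"], r["events"], r["weak_enctype"])
```

On the sample it yields three requests, one per client source port, each ending with the TCP disconnect line after the KDC's last logged step.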