[Samba] Failed auth attempt i don't understand.

karel.de.macil at free.fr karel.de.macil at free.fr
Thu Oct 1 18:06:48 UTC 2020 

Le 01/10/2020 19:27, Rowland penny via samba a écrit :
> On 01/10/2020 18:09, karel de macil via samba wrote:
>> Hi all,
>> 
>> when i try to authenticate against my AD (rdesktop authentication) i 
>> got a wrong password/logname message despite my logname and password
>> being exact , in the log i have the following .
>> 
>> Nothing wrong for me.
>> 
>> the only strange thing being the : stream_terminate_connection: 
>> Terminating connection - 'kdc_tcp_call_loop: 
>> tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' line 
>> in perticular the second one because just after things seems to 
>> continue with the :
>> 
>> Kerberos: TGS-REQ Administrator at LOCAL.MYDOMAIN from 
>> ipv4:192.168.1.23:62418 for 
>> host/vr083023.LOCAL.MYDOMAIN at LOCAL.MYDOMAIN [canonicalize, renewable, 
>> forwardable]
>> 
>> line.
>> 
>> Can anyone with more knowledge than me have an eye on the log and tell 
>> me if he see anything wrong ?
>> 
>> 
>> 
>> Kerberos: AS-REQ administrator at LOCAL.MYDOMAIN from 
>> ipv4:192.168.1.23:62416 for krbtgt/LOCAL.MYDOMAIN at LOCAL.MYDOMAIN
> 
> Is this on a DC or a Unix domain member ?

this is a remote desktop attempt on a computer who is in the domain 
managed by the DC from which i get the log

> Why are you using Administrator on Unix ?

This is the default administrator account in samba4 but the behavior is 
the same with any account.

> Might help if we see your smb.conf

[global]
         netbios name = DC-TEST
         realm = LOCAL.MYDOMAIN
         server role = active directory domain controller
         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, 
drepl, winbind, ntp_signd, kcc, dnsupdate, dns
         workgroup = IETR
         idmap_ldb:use rfc2307  = yes
         dns forwarder = 129.20.128.39
         allow dns updates = nonsecure
         dns update command=/usr/sbin/samba_dnsupdate --use-samba-tool
         restrict anonymous = 2
         printcap name = /dev/null
         load printers = no
         disable spoolss = yes
         printing = bsd
         log level = 6
         #auth_audit:10@/var/log/samba/log.auth_audit
         disable netbios = yes
         smb ports = 445
[netlogon]
         path = /var/lib/samba/sysvol/local.mydomain/scripts
         read only = No
         vfs objects = full_audit
[sysvol]
         path = /var/lib/samba/sysvol
         read only = No
         vfs objects = full_audit

> Rowland

More information about the samba mailing list