[Samba] Failed auth attempt I don't understand.

karel.de.macil at free.fr karel.de.macil at free.fr
Fri Oct 2 11:25:18 UTC 2020


On 01/10/2020 19:09, karel de macil via samba wrote:
> Hi all,
> 
> when I try to authenticate against my AD (rdesktop authentication) I
> get a wrong password/logname message despite my logname and password
> being exact. In the log I have the following.
> 
> Nothing wrong for me.
> 

With more testing, this happens with both physical or network connections on
Windows 10, but with Windows 7 everything still works smoothly, in case this
rings any bells for anyone.

> The only strange thing being the: stream_terminate_connection:
> Terminating connection - 'kdc_tcp_call_loop:
> tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' line,
> in particular the second one, because just after it things seem to
> continue with the:
> 
> Kerberos: TGS-REQ Administrator at LOCAL.MYDOMAIN from
> ipv4:192.168.1.23:62418 for
> host/vr083023.LOCAL.MYDOMAIN at LOCAL.MYDOMAIN [canonicalize, renewable,
> forwardable]
> 
> line.
> 
> Can anyone with more knowledge than me have a look at the log and tell
> me if he sees anything wrong?
> 
> And by the way, under Debian bullseye I can't seem to find any way to
> get the full log of samba.
> Despite this line:
> log level = 6;
> in my conf I can't seem to obtain the same level of log I get by doing:
> 
> samba -i -d 6  --debug-stderr
> 
> If anyone knows why, and how I can get my log to this level without
> launching my samba in interactive mode, I'm very interested.
> 
> best regards
> 
> Kerberos: AS-REQ administrator at LOCAL.MYDOMAIN from
> ipv4:192.168.1.23:62416 for krbtgt/LOCAL.MYDOMAIN at LOCAL.MYDOMAIN
> gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
> gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
> gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
> Kerberos: Client sent patypes: 128
> Kerberos: Looking for PKINIT pa-data -- administrator at LOCAL.MYDOMAIN
> Kerberos: Looking for ENC-TS pa-data -- administrator at LOCAL.MYDOMAIN
> Kerberos: No preauth found, returning PREAUTH-REQUIRED --
> administrator at LOCAL.MYDOMAIN
> stream_terminate_connection: Terminating connection -
> 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> NT_STATUS_CONNECTION_DISCONNECTED'
> Kerberos: AS-REQ administrator at LOCAL.MYDOMAIN from
> ipv4:192.168.1.23:62417 for krbtgt/LOCAL.MYDOMAIN at LOCAL.MYDOMAIN
> gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
> gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
> gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
> Kerberos: Client sent patypes: encrypted-timestamp, 128
> Kerberos: Looking for PKINIT pa-data -- administrator at LOCAL.MYDOMAIN
> Kerberos: Looking for ENC-TS pa-data -- administrator at LOCAL.MYDOMAIN
> Kerberos: ENC-TS Pre-authentication succeeded --
> administrator at LOCAL.MYDOMAIN using arcfour-hmac-md5
> Auth: [Kerberos KDC,ENC-TS Pre-authentication] user
> [(null)]\[administrator at LOCAL.MYDOMAIN] at [Thu, 01 Oct 2020
> 17:54:36.401984 CEST] with [arcfour-hmac-md5] status [NT_STATUS_OK]
> workstation [(null)] remote host [ipv4:192.168.1.23:62417] became
> [local]\[Administrator]
> [S-1-5-21-2718981395-2814295682-4030710678-500]. local host [NULL]
> {"timestamp": "2020-10-01T17:54:36.402248+0200", "type":
> "Authentication", "Authentication": {"version": {"major": 1, "minor":
> 2}, "eventId": 4624, "logonId": "28970a9c6c2edc2a", "logonType": 3,
> "status": "NT_STATUS_OK", "localAddress": null, "remoteAddress":
> "ipv4:192.168.1.23:62417", "serviceDescription": "Kerberos KDC",
> "authDescription": "ENC-TS Pre-authentication", "clientDomain": null,
> "clientAccount": "administrator at LOCAL.MYDOMAIN", "workstation": null,
> "becameAccount": "Administrator", "becameDomain": "local",
> "becameSid": "S-1-5-21-2718981395-2814295682-4030710678-500",
> "mappedAccount": "Administrator", "mappedDomain": "local",
> "netlogonComputer": null, "netlogonTrustAccount": null,
> "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType":
> 0, "netlogonTrustAccountSid": null, "passwordType":
> "arcfour-hmac-md5", "duration": 7783}}
> authsam_account_ok: Checking SMB password for user 
> administrator at LOCAL.MYDOMAIN
> logon_hours_ok: No hours restrictions for user 
> administrator at LOCAL.MYDOMAIN
> lastLogonTimestamp is 132456356073698900
> sync interval is 14
> randomised sync interval is 12 (-2)
> old timestamp is 132456356073698900, threshold 132450044764030630,
> diff 6311309668270
> DSDB Change [Modify] at [Thu, 01 Oct 2020 17:54:36.406688 CEST] status
> [Success] remote host [Unknown] SID [S-1-5-18] DN
> [CN=Administrator,CN=Users,DC=local,DC=MYDOMAIN] attributes [replace:
> lastLogon [132460412764030630] replace: logonCount [19748]]
> {"timestamp": "2020-10-01T17:54:36.406926+0200", "type": "dsdbChange",
> "dsdbChange": {"version": {"major": 1, "minor": 0}, "statusCode": 0,
> "status": "Success", "operation": "Modify", "remoteAddress": null,
> "performedAsSystem": false, "userSid": "S-1-5-18", "dn":
> "CN=Administrator,CN=Users,DC=local,DC=MYDOMAIN", "transactionId":
> "e1cf2141-8bf3-4100-bec6-d5be17915e3b", "sessionId":
> "2a7c4038-b378-4335-a7ad-81a8d8999bf4", "attributes": {"lastLogon":
> {"actions": [{"action": "replace", "values": [{"value":
> "132460412764030630"}]}]}, "logonCount": {"actions": [{"action":
> "replace", "values": [{"value": "19748"}]}]}}}}
> gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
> Kerberos: AS-REQ authtime: 2020-10-01T17:54:36 starttime: unset
> endtime: 2020-10-02T03:54:36 renew till: 2020-10-08T17:54:36
> Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96,
> aes128-cts-hmac-sha1-96, arcfour-hmac-md5, 24, -135, 3, using
> arcfour-hmac-md5/arcfour-hmac-md5
> Kerberos: Requested flags: renewable-ok, canonicalize, renewable, 
> forwardable
> stream_terminate_connection: Terminating connection -
> 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> NT_STATUS_CONNECTION_DISCONNECTED'
> gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
> gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
> Kerberos: TGS-REQ Administrator at LOCAL.MYDOMAIN from
> ipv4:192.168.1.23:62418 for
> host/vr083023.LOCAL.MYDOMAIN at LOCAL.MYDOMAIN [canonicalize, renewable,
> forwardable]
> gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
> gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
> gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
> gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
> Kerberos: TGS-REQ authtime: 2020-10-01T17:54:36 starttime:
> 2020-10-01T17:54:36 endtime: 2020-10-02T03:54:36 renew till:
> 2020-10-08T17:54:36
> stream_terminate_connection: Terminating connection -
> 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> NT_STATUS_CONNECTION_DISCONNECTED'


