[Samba] Failed auth attempt i don't understand.

L.P.H. van Belle belle at bazuin.nl
Fri Oct 2 11:58:30 UTC 2020


I've seen something similar here.

Does this happen if you try to connect to a PC where you are already logged in?
If yes, log out, test again.
If no, reboot the PC and test again.

What is the exact message you see?
(optional: PM me the print screen)
I do/did get some 0x... message when trying to log in on the first attempt.
The second always worked for me.

And look up the Windows events.
Or are we talking here about RDP on Linux workstations?  ;-)


Greetz, 

Louis


> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> karel de macil via samba
> Sent: Friday 2 October 2020 13:25
> To: karel.de.macil at free.fr
> CC: samba at lists.samba.org
> Subject: Re: [Samba] Failed auth attempt i don't understand.
> 
> On 01/10/2020 19:09, karel de macil via samba wrote:
> > Hi all,
> > 
> > when I try to authenticate against my AD (rdesktop authentication) I
> > got a wrong password/logname message despite my logname and password
> > being exact, in the log I have the following.
> > 
> > Nothing wrong for me.
> > 
> 
> With more tests, this happened with both physical or network connection on
> WINDOWS 10, BUT with Windows 7 all still works fluently. If this rings any
> bells to anyone.
> 
> > the only strange thing being the: stream_terminate_connection:
> > Terminating connection - 'kdc_tcp_call_loop:
> > tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' line,
> > in particular the second one, because just after things seem to
> > continue with the:
> > 
> > Kerberos: TGS-REQ Administrator at LOCAL.MYDOMAIN from
> > ipv4:192.168.1.23:62418 for
> > host/vr083023.LOCAL.MYDOMAIN at LOCAL.MYDOMAIN [canonicalize, renewable,
> > forwardable]
> > 
> > line.
> > 
> > Can anyone with more knowledge than me have an eye on the log and tell
> > me if he sees anything wrong?
> > 
> > And by the way, under Debian bullseye I can't seem to find any way to
> > get the full log of samba.
> > Despite this line:
> > log level = 6;
> > in my conf I can't seem to obtain the same level of log I get by doing:
> > 
> > samba -i -d 6  --debug-stderr
> > 
> > If anyone knows why, and how I can get my log to this level without
> > launching my samba in interactive mode, I'm very interested.
> > 
> > best regards
> > 
> > Kerberos: AS-REQ administrator at LOCAL.MYDOMAIN from
> > ipv4:192.168.1.23:62416 for krbtgt/LOCAL.MYDOMAIN at LOCAL.MYDOMAIN
> > gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
> > gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
> > gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
> > Kerberos: Client sent patypes: 128
> > Kerberos: Looking for PKINIT pa-data -- administrator at LOCAL.MYDOMAIN
> > Kerberos: Looking for ENC-TS pa-data -- administrator at LOCAL.MYDOMAIN
> > Kerberos: No preauth found, returning PREAUTH-REQUIRED --
> > administrator at LOCAL.MYDOMAIN
> > stream_terminate_connection: Terminating connection -
> > 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> > NT_STATUS_CONNECTION_DISCONNECTED'
> > Kerberos: AS-REQ administrator at LOCAL.MYDOMAIN from
> > ipv4:192.168.1.23:62417 for krbtgt/LOCAL.MYDOMAIN at LOCAL.MYDOMAIN
> > gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
> > gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
> > gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
> > Kerberos: Client sent patypes: encrypted-timestamp, 128
> > Kerberos: Looking for PKINIT pa-data -- administrator at LOCAL.MYDOMAIN
> > Kerberos: Looking for ENC-TS pa-data -- administrator at LOCAL.MYDOMAIN
> > Kerberos: ENC-TS Pre-authentication succeeded --
> > administrator at LOCAL.MYDOMAIN using arcfour-hmac-md5
> > Auth: [Kerberos KDC,ENC-TS Pre-authentication] user
> > [(null)]\[administrator at LOCAL.MYDOMAIN] at [Thu, 01 Oct 2020
> > 17:54:36.401984 CEST] with [arcfour-hmac-md5] status [NT_STATUS_OK]
> > workstation [(null)] remote host [ipv4:192.168.1.23:62417] became
> > [local]\[Administrator]
> > [S-1-5-21-2718981395-2814295682-4030710678-500]. local host [NULL]
> > {"timestamp": "2020-10-01T17:54:36.402248+0200", "type":
> > "Authentication", "Authentication": {"version": {"major": 1, "minor":
> > 2}, "eventId": 4624, "logonId": "28970a9c6c2edc2a", "logonType": 3,
> > "status": "NT_STATUS_OK", "localAddress": null, "remoteAddress":
> > "ipv4:192.168.1.23:62417", "serviceDescription": "Kerberos KDC",
> > "authDescription": "ENC-TS Pre-authentication", "clientDomain": null,
> > "clientAccount": "administrator at LOCAL.MYDOMAIN", "workstation": null,
> > "becameAccount": "Administrator", "becameDomain": "local",
> > "becameSid": "S-1-5-21-2718981395-2814295682-4030710678-500",
> > "mappedAccount": "Administrator", "mappedDomain": "local",
> > "netlogonComputer": null, "netlogonTrustAccount": null,
> > "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType":
> > 0, "netlogonTrustAccountSid": null, "passwordType":
> > "arcfour-hmac-md5", "duration": 7783}}
> > authsam_account_ok: Checking SMB password for user 
> > administrator at LOCAL.MYDOMAIN
> > logon_hours_ok: No hours restrictions for user 
> > administrator at LOCAL.MYDOMAIN
> > lastLogonTimestamp is 132456356073698900
> > sync interval is 14
> > randomised sync interval is 12 (-2)
> > old timestamp is 132456356073698900, threshold 132450044764030630,
> > diff 6311309668270
> > DSDB Change [Modify] at [Thu, 01 Oct 2020 17:54:36.406688 CEST] status
> > [Success] remote host [Unknown] SID [S-1-5-18] DN
> > [CN=Administrator,CN=Users,DC=local,DC=MYDOMAIN] attributes [replace:
> > lastLogon [132460412764030630] replace: logonCount [19748]]
> > {"timestamp": "2020-10-01T17:54:36.406926+0200", "type": "dsdbChange",
> > "dsdbChange": {"version": {"major": 1, "minor": 0}, "statusCode": 0,
> > "status": "Success", "operation": "Modify", "remoteAddress": null,
> > "performedAsSystem": false, "userSid": "S-1-5-18", "dn":
> > "CN=Administrator,CN=Users,DC=local,DC=MYDOMAIN", "transactionId":
> > "e1cf2141-8bf3-4100-bec6-d5be17915e3b", "sessionId":
> > "2a7c4038-b378-4335-a7ad-81a8d8999bf4", "attributes": {"lastLogon":
> > {"actions": [{"action": "replace", "values": [{"value":
> > "132460412764030630"}]}]}, "logonCount": {"actions": [{"action":
> > "replace", "values": [{"value": "19748"}]}]}}}}
> > gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
> > Kerberos: AS-REQ authtime: 2020-10-01T17:54:36 starttime: unset
> > endtime: 2020-10-02T03:54:36 renew till: 2020-10-08T17:54:36
> > Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96,
> > aes128-cts-hmac-sha1-96, arcfour-hmac-md5, 24, -135, 3, using
> > arcfour-hmac-md5/arcfour-hmac-md5
> > Kerberos: Requested flags: renewable-ok, canonicalize, renewable, 
> > forwardable
> > stream_terminate_connection: Terminating connection -
> > 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> > NT_STATUS_CONNECTION_DISCONNECTED'
> > gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
> > gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
> > Kerberos: TGS-REQ Administrator at LOCAL.MYDOMAIN from
> > ipv4:192.168.1.23:62418 for
> > host/vr083023.LOCAL.MYDOMAIN at LOCAL.MYDOMAIN [canonicalize, renewable,
> > forwardable]
> > gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
> > gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
> > gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
> > gendb_search_v: DC=local,DC=MYDOMAIN NULL -> 1
> > Kerberos: TGS-REQ authtime: 2020-10-01T17:54:36 starttime:
> > 2020-10-01T17:54:36 endtime: 2020-10-02T03:54:36 renew till:
> > 2020-10-08T17:54:36
> > stream_terminate_connection: Terminating connection -
> > 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> > NT_STATUS_CONNECTION_DISCONNECTED'
> 
> 
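Added example, not part of the original thread and not Samba project code: a small Python triage script that groups the KDC lines quoted above into one record per request, so the sequence the KDC recorded for each client port can be read at a glance. The sample lines are the quoted log with mail wrapping undone; attributing each follow-up line to the most recent request line is an assumption that only holds for a sequential, single-client log like this one.

```python
import re

# Request lines carry the client address; the list archive prints "@" as " at ".
REQ = re.compile(r"Kerberos: (AS-REQ|TGS-REQ) \S+?(?:@| at )\S+ "
                 r"from ipv4:([\d.]+:\d+) for (\S+)")
ENCTYPE = re.compile(r"Pre-authentication succeeded -- .* using (\S+)")
# Substrings of follow-up lines and the label recorded for each.
OUTCOMES = [
    ("PREAUTH-REQUIRED", "preauth-required"),
    ("Pre-authentication succeeded", "preauth-ok"),
    ("authtime:", "ticket-times-logged"),
    ("NT_STATUS_CONNECTION_DISCONNECTED", "tcp-closed"),
]

# Constructed sample: lines taken from the quoted log, mail wrapping undone.
DISC = ("stream_terminate_connection: Terminating connection - 'kdc_tcp_call_loop: "
        "tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'")
SAMPLE = "\n".join([
    "Kerberos: AS-REQ administrator at LOCAL.MYDOMAIN from ipv4:192.168.1.23:62416 for krbtgt/LOCAL.MYDOMAIN at LOCAL.MYDOMAIN",
    "Kerberos: No preauth found, returning PREAUTH-REQUIRED -- administrator at LOCAL.MYDOMAIN",
    DISC,
    "Kerberos: AS-REQ administrator at LOCAL.MYDOMAIN from ipv4:192.168.1.23:62417 for krbtgt/LOCAL.MYDOMAIN at LOCAL.MYDOMAIN",
    "Kerberos: ENC-TS Pre-authentication succeeded -- administrator at LOCAL.MYDOMAIN using arcfour-hmac-md5",
    "Kerberos: AS-REQ authtime: 2020-10-01T17:54:36 starttime: unset endtime: 2020-10-02T03:54:36 renew till: 2020-10-08T17:54:36",
    DISC,
    "Kerberos: TGS-REQ Administrator at LOCAL.MYDOMAIN from ipv4:192.168.1.23:62418 for host/vr083023.LOCAL.MYDOMAIN at LOCAL.MYDOMAIN [canonicalize, renewable, forwardable]",
    "Kerberos: TGS-REQ authtime: 2020-10-01T17:54:36 starttime: 2020-10-01T17:54:36 endtime: 2020-10-02T03:54:36 renew till: 2020-10-08T17:54:36",
    DISC,
])

def kdc_exchanges(log_text):
    """Return one dict per KDC request, in log order, with later outcomes attached."""
    exchanges = []
    for line in log_text.splitlines():
        req = REQ.search(line)
        if req:
            kind, client, service = req.groups()
            exchanges.append({"kind": kind, "client": client, "service": service,
                              "enctype": None, "outcomes": []})
        elif exchanges:
            current = exchanges[-1]  # assumption: the log is strictly sequential
            enc = ENCTYPE.search(line)
            if enc:
                current["enctype"] = enc.group(1)
            current["outcomes"] += [label for needle, label in OUTCOMES if needle in line]
    return exchanges

if __name__ == "__main__":
    for e in kdc_exchanges(SAMPLE):
        print(e["kind"], e["client"], e["service"], e["enctype"], e["outcomes"])
```
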