[Samba] RDP user can login as user at samdom.com but not as SAMDOM\user
L.P.H. van Belle
belle at bazuin.nl
Fri Dec 3 09:21:48 UTC 2021
I've seen this also, and yeah, username at REALM as username fixes it.
Can be Windows but can be Samba also, or the combination.
I do suggest upgrading Ubuntu to 20.04.
And it does help if you tell which Samba version you are using.
Greetz,
Louis
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Alex via samba
> Sent: Friday 3 December 2021 0:58
> To: samba at lists.samba.org
> Subject: [Samba] RDP user can login as user at samdom.com but not as SAMDOM\user
>
> Hi!
> I set up a Ubuntu 18.04.6 Samba 4 server on my home network to practice
> with Samba / AD management, and I noticed an odd behaviour when trying to
> RDP into a domain joined Win10 Pro computer.
> The user is in the computer's Remote Desktop Users group.
> If I login as:
> User: samuser
> Domain: SAMDOM
> or
> User: SAMDOM\samuser
>
> I get an invalid password error.
>
> If I login as samuser at samdom.com, same password, then it works.
>
> I am not sure if this is just a Windows behaviour I've never noticed
> before, or maybe an issue in my Samba or Kerberos config files. The issue
> is only when logging on via RDP. Locally, I can just login as "samuser", I
> don't need to put samuser at samdom.com in the username field.
> I've included a copy of my config files and relevant event viewer error.
>
> Any tips would be appreciated!
>
> Peter
>
> ------- smb.conf
> [global]
> netbios name = SRV01
> realm = SAMDOM.COM
> server role = active directory domain controller
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
> workgroup = SAMDOM
> idmap_ldb:use rfc2307 = yes
> disable netbios = yes
>
> [netlogon]
> path = /var/lib/samba/sysvol/samdom.com/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> ------ krb5.conf
>
> [libdefaults]
> default_realm = SAMDOM.COM
> dns_lookup_kdc = true
> dns_lookup_realm = false
>
> # The following krb5.conf variables are only for MIT Kerberos.
> kdc_timesync = 1
> ccache_type = 4
> forwardable = true
> ticket_lifetime = 24h
> proxiable = true
> fcc-mit-ticketflags = true
>
> [logging]
> default = FILE:/var/log/krb5/krb.log
> kdc = FILE:/var/log/krb5/kdc.log
> admin_server = FILE:/var/log/kadmind.log
>
> [realms]
> SAMDOM.COM = {
> admin_server = srv01.samdom.com
> default_domain = samdom.com
> master_kdc = srv01.samdom.com
> kdc = srv01.samdom.com
> }
>
> ----- Windows Event Viewer - Security entry for failed RDP
>
> An account failed to log on.
>
> Subject:
> Security ID: NULL SID
> Account Name: -
> Account Domain: -
> Logon ID: 0x0
>
> Logon Type: 3
>
> Account For Which Logon Failed:
> Security ID: NULL SID
> Account Name: samuser
> Account Domain: SAMDOM
>
> Failure Information:
> Failure Reason: Unknown user name or bad password.
> Status: 0xC000006D
> Sub Status: 0xC000006A
>
> Process Information:
> Caller Process ID: 0x0
> Caller Process Name: -
>
> Network Information:
> Workstation Name: DESKTOP-00000
> Source Network Address: 192.168.1.5
> Source Port: 0
>
> Detailed Authentication Information:
> Logon Process: NtLmSsp
> Authentication Package: NTLM
> Transited Services: -
> Package Name (NTLM only): -
> Key Length: 0
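To triage a failure like the one quoted above, the 4625 event text can be parsed and its status codes decoded; this is an added example, not part of either poster's message. The function names and the trimmed sample event are constructed for illustration, and the NTSTATUS names are the standard Windows ones.

```python
import re

# Constructed sample, trimmed from the 4625 event quoted in the thread.
SAMPLE_EVENT = """\
Subject:
  Account Name: -
  Account Domain: -
Logon Type: 3
Account For Which Logon Failed:
  Account Name: samuser
  Account Domain: SAMDOM
Failure Information:
  Status: 0xC000006D
  Sub Status: 0xC000006A
Detailed Authentication Information:
  Logon Process: NtLmSsp
  Authentication Package: NTLM
"""

# Standard NTSTATUS values commonly seen in failed-logon events.
NTSTATUS = {
    0xC000006D: "STATUS_LOGON_FAILURE",
    0xC000006A: "STATUS_WRONG_PASSWORD",
    0xC0000064: "STATUS_NO_SUCH_USER",
    0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT",
}
LOGON_TYPES = {2: "Interactive", 3: "Network", 10: "RemoteInteractive"}

def parse_event(text):
    """Collect 'Key: value' lines, tolerating mail-quote '>' prefixes."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^[>\s]*([^:]+?):\s+(\S.*)$", line)
        if m:
            # Later blocks win, so the failed account replaces the "-" Subject.
            fields[m.group(1)] = m.group(2).strip()
    return fields

def triage(text):
    """Decode the fields that say what failed and over which protocol."""
    f = parse_event(text)
    status, sub = int(f["Status"], 16), int(f["Sub Status"], 16)
    ltype = int(f["Logon Type"])
    return {
        "account": f["Account Domain"] + "\\" + f["Account Name"],
        "logon_type": LOGON_TYPES.get(ltype, str(ltype)),
        "status": NTSTATUS.get(status, hex(status)),
        "sub_status": NTSTATUS.get(sub, hex(sub)),
        "ntlm": f["Authentication Package"].upper() == "NTLM",
    }
```

For the quoted event this reports a network logon (type 3) for SAMDOM\samuser that was attempted over NTLM and rejected with the wrong-password sub status.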